﻿<!DOCTYPE html>
<html>
  <head>
    <meta charset='utf-8' />
    <title>
      Fortify on Demand Security Review
    </title>
    <style type='text/css'>
body {
    font-family: Metric, Verdana, Helvetica, Arial, sans-serif;
    font-size: 14px;
    color: #000;
    margin: 0;
    padding: 15px;
    position: relative;
}

h2 {
    color: #0079EF;
}

h1, h2, h3 {
    margin: 20px 0 10px;
}

h4, h5, h6 {
    margin: 10px 0;
}

p {
    margin: 0 0 10px;
}

pre {
    display: block;
    padding: 9.5px;
    margin: 0 0 10px;
    font-size: 90%;
    line-height: 1.42857143;
    color: #000;
    word-break: break-all;
    word-wrap: break-word;
    background-color: #F5F7F8;
    border: 1px solid #DCDEDF;
    border-radius: 4px;
    /* portal overrides */
    border-radius: 0;
    background-color: #F1F2F3;
    border-color: #bfbfbf;
}

code {
    padding: 2px 4px;
    font-size: 90%;
    color: #FF454F;
    background-color: #f9f2f4;
    border-radius: 4px;
}

table {
    width: 100%;
    border-collapse: collapse;
    border-spacing: 0;
}

    table tr td {
        vertical-align: top;
    }

    /* tables */
    table.table {
        margin-bottom: 10px;
        table-layout: fixed;
        width: 100%;
    }

        table.table > caption {
            font-size: 1.1em;
            font-weight: bold;
        }

        table.table > thead > tr > th,
        table.table > thead > tr > td,
        table.table > tbody > tr > th,
        table.table > tbody > tr > td,
        table.table > tfoot > tr > th,
        table.table > tfoot > tr > td {
            vertical-align: middle;
            padding: 4px;
            white-space: nowrap;
            overflow: hidden;
            text-overflow: ellipsis;
        }

            table.table > thead > tr > th.allow-wrap,
            table.table > thead > tr > td.allow-wrap,
            table.table > tbody > tr > th.allow-wrap,
            table.table > tbody > tr > td.allow-wrap,
            table.table > tfoot > tr > th.allow-wrap,
            table.table > tfoot > tr > td.allow-wrap {
                white-space: normal;
            }

        table.table > thead {
        }

            table.table > thead > tr {
                background-color: #0079EF;
                color: #fff;
            }

                table.table > thead > tr > th {
                }

                    table.table > thead > tr > th.bg-white {
                        background-color: #fff;
                        color: Black;
                    }

                table.table > thead > tr:not(:first-child) {
                    background-color: #bfbfbf;
                }

        table.table > tfoot {
            border-top: 1px solid #0079EF;
        }

            table.table > tfoot > tr {
                background-color: #fff;
                color: #000;
            }

    table.table-striped {
    }

        table.table-striped > tbody {
        }

            table.table-striped > tbody > tr {
                background-color: #fff;
            }

                table.table-striped > tbody > tr:nth-child(odd) {
                    background-color: #F1F2F3;
                }

    table.table-wrapped {
    }

        table.table-wrapped > tbody {
        }

            table.table-wrapped > tbody > tr {
            }

                table.table-wrapped > tbody > tr > td {
                    white-space: normal;
                    vertical-align: top;
                }

    table.table-condensed {
    }

        table.table-condensed > thead > tr > th,
        table.table-condensed > thead > tr > td,
        table.table-condensed > tbody > tr > th,
        table.table-condensed > tbody > tr > td {
            padding: 2px;
        }

/* grid system */
.container {
    padding-right: 15px;
    padding-left: 15px;
    margin-right: auto;
    margin-left: auto;
}

    .container:before,
    .container:after {
        display: table;
        content: " ";
    }

    .container:after {
        clear: both;
    }

    .container .row {
        margin-right: -15px;
        margin-left: -15px;
    }

        .container .row:before,
        .container .row:after {
            display: table;
            content: " ";
        }

        .container .row:after {
            clear: both;
        }

        .container .row .col-3,
        .container .row .col-4,
        .container .row .col-6,
        .container .row .col-12 {
            position: relative;
            min-height: 1px;
            padding-left: 5px;
            padding-right: 5px;
            float: left;
        }

        .container .row .col-3 {
            width: 25%;
        }

        .container .row .col-4 {
            width: 33.33333333%;
        }

        .container .row .col-6 {
            width: 50%;
        }

        .container .row .col-12 {
            width: 100%;
        }

/* box-sizing workaround; remove once box-sizing is applied at the root element */
.container {
    box-sizing: border-box;
}

    .container .row {
        box-sizing: border-box;
    }

        .container .row .col-3,
        .container .row .col-4,
        .container .row .col-6,
        .container .row .col-12 {
            box-sizing: border-box;
        }

.block-header {
    padding: 4px;
}

/* typography */
.text-primary {
    color: #0079EF;
}

.text-severity-critical {
    color: #e11f26;
}

.text-severity-high {
    color: #f26527;
}

.text-severity-medium {
    color: #f99c1c;
}

.text-severity-low {
    color: #fccc0a;
}

.text-severity-info {
    color: #d7df23;
}

.text-severity-bestpractice {
    color: #d7df23;
}

.text-muted {
    color: #BDBEC0;
}

.bg-primary {
    background-color: #0079EF;
    color: #fff;
}

.bg-gray {
    background-color: #bfbfbf;
    color: #fff;
}

.bg-severity-critical {
    background-color: #e11f26;
    color: #fff;
}

.bg-severity-high {
    background-color: #f26527;
    color: #fff;
}

.bg-severity-medium {
    background-color: #f99c1c;
    color: #fff;
}

.bg-severity-low {
    background-color: #fccc0a;
    color: #fff;
}

.bg-severity-info {
    background-color: #d7df23;
    color: #000;
}

.bg-severity-bestpractice {
    background-color: #d7df23;
    color: #000;
}

.text-left {
    text-align: left;
}

.text-center {
    text-align: center;
}

.text-right {
    text-align: right;
}

.list-unstyled {
    padding-left: 0;
    list-style: none;
}

.small {
    font-size: 85%;
}

.pull-left {
    float: left !important;
}

.pull-right {
    float: right !important;
}

table.summary {
    width: 420px;
}

    table.summary tr {
    }

        table.summary tr td {
            padding: 3px;
        }

table.issue-detail-instances {
}

    table.issue-detail-instances tbody tr.audit-data > td {
        padding: 6px 20px;
    }

.clearfix {
}

    .clearfix:before,
    .clearfix:after {
        content: ' ';
        display: table;
    }

    .clearfix:after {
        clear: both;
    }

.chart {
    border: 2px solid #656668;
    margin: 0 0 8px;
    padding: 10px;
    text-align: center;
}

    .chart h4 {
        text-align: center;
        margin-top: 0;
    }

    .chart table {
        text-align: center;
    }

.fortify-security-rating {
    width: 280px;
    padding: 0;
}

    .fortify-security-rating h4 {
        margin: 4px 0;
    }

    .fortify-security-rating .scan-types {
        display: table;
        table-layout: fixed;
        width: 100%;
        border-top: 2px solid #656668;
        margin-top: 4px;
    }

        .fortify-security-rating .scan-types div {
            display: table-cell;
            width: 50%;
            text-align: left;
            vertical-align: middle;
            padding: 4px 2px;
            height: 24px;
            line-height: 24px;
        }

            .fortify-security-rating .scan-types div:not(:last-child) {
                border-right: 2px solid #656668;
            }

            .fortify-security-rating .scan-types div:only-child {
                padding: 4px 90px;
            }

            .fortify-security-rating .scan-types div img {
                width: 24px;
                height: 24px;
                vertical-align: middle;
                float: right;
                padding: 0 4px;
            }

            .fortify-security-rating .scan-types div:after {
                content: '';
                clear: both;
            }

.static-file-listing {
}

    .static-file-listing thead tr th:nth-child(1) {
        width: 60%;
    }

    .static-file-listing thead td th:nth-child(2),
    .static-file-listing thead td th:nth-child(3) {
        width: 20%;
        text-align: right;
    }

    .static-file-listing tbody tr td:nth-last-child(2),
    .static-file-listing tbody tr td:nth-child(3) {
        text-align: right;
    }

.appendix-security-rating {
}

    .appendix-security-rating thead tr th:nth-child(1) {
        width: 20%;
    }

    .appendix-security-rating thead tr th:nth-child(2) {
        width: 80%;
    }

    .appendix-security-rating tbody tr td {
        height: 60px;
        white-space: normal;
    }

        .appendix-security-rating tbody tr td:first-child {
            background-color: #fff;
            text-align: center;
        }

        .appendix-security-rating tbody tr td:nth-child(2) {
            white-space: normal;
        }

/* syntax highlighting */
.syntax {
    font-family: monospace;
    font-size: 85%;
    margin-bottom: 20px;
}

    .syntax .default {
        color: #000000;
    }

    .syntax .AttackSelection {
        background-color: #B21646;
        color: #FFFFFF;
    }

    .syntax .HeaderName {
        color: #FF454F;
    }

    .syntax .HeaderValue {
        color: #014272;
    }

    .syntax .Comment {
        color: #5BBA36;
    }

    .syntax .Text {
        color: #000;
    }

    .syntax .ElementName {
        color: #B21646;
    }

    .syntax .AttrName {
        color: #FF454F;
    }

    .syntax .AttrValue {
        color: #271782;
    }

    .syntax .JSKeyword {
        color: #014272;
    }

    .syntax .JSComment {
        color: #5BBA36;
    }

    .syntax .StartAtLine {
        color: #E57828;
        font-weight: bold;
        font-family: Metric, Verdana, Helvetica, Arial, sans-serif;
    }

.analysis {
    display: table;
    table-layout: fixed;
    width: 100%;
}

    .analysis .analysis-trace {
        display: table-cell;
        width: 35%;
    }

        .analysis .analysis-trace ul {
            font-size: 85%;
        }

            .analysis .analysis-trace ul li {
                overflow: hidden;
                text-overflow: ellipsis;
                white-space: nowrap;
                padding: 1px 0;
            }

                .analysis .analysis-trace ul li img {
                    vertical-align: middle;
                    width: 16px;
                    height: 16px;
                }

                    .analysis .analysis-trace ul li img[src=""] {
                        visibility: hidden;
                    }

                .analysis .analysis-trace ul li span {
                }

    .analysis .analysis-source {
        display: table-cell;
        width: 65%;
        padding-left: 10px;
    }

        .analysis .analysis-source pre {
            font-size: 85%;
        }

    .analysis .analysis-diagram {
        display: table-cell;
        width: 100%;
    }

        .analysis .analysis-diagram .analysis-diagram-container {
            font-size: 80%;
            display: table;
            margin: 0 auto;
        }

            .analysis .analysis-diagram .analysis-diagram-container .column {
                display: table-cell;
                vertical-align: top;
                /*width: 200px;*/
                position: relative;
            }

                .analysis .analysis-diagram .analysis-diagram-container .column .line {
                    position: absolute;
                    left: 50%;
                    height: 100%;
                    border: 1px dashed #000;
                    z-index: 10;
                }

                .analysis .analysis-diagram .analysis-diagram-container .column:not(:first-child) {
                    padding-left: 15px;
                }

                .analysis .analysis-diagram .analysis-diagram-container .column .entry {
                    background-color: #fff;
                    text-align: center;
                    padding: 0 8px;
                    height: 28px;
                    line-height: 28px;
                    white-space: nowrap;
                    text-overflow: ellipsis;
                    overflow: hidden;
                    border: 1px solid #000;
                    position: relative;
                    z-index: 30;
                }

                    .analysis .analysis-diagram .analysis-diagram-container .column .entry img {
                        position: absolute;
                        top: 6px;
                        left: 5px;
                        width: 16px;
                        height: 16px;
                    }

                    .analysis .analysis-diagram .analysis-diagram-container .column .entry.entry-header {
                        background-color: #BDBEC0;
                    }

                    .analysis .analysis-diagram .analysis-diagram-container .column .entry.entry-source {
                        background-color: rgb(213,216,251);
                    }

                    .analysis .analysis-diagram .analysis-diagram-container .column .entry.entry-sink {
                        background-color: rgb(239,154,151);
                    }

                .analysis .analysis-diagram .analysis-diagram-container .column .child-context {
                    width: 10px;
                    border: 1px solid #000;
                    background-color: #fff;
                    left: 50%;
                    margin-left: -5px;
                    position: absolute;
                    z-index: 30;
                }

                .analysis .analysis-diagram .analysis-diagram-container .column .arrow {
                    z-index: 20;
                    margin-top: -16px;
                    height: 0px;
                    border: 1px solid #000;
                    position: absolute;
                }

                    .analysis .analysis-diagram .analysis-diagram-container .column .arrow.arrow-after-source {
                        border-color: #e11f26;
                    }

                    .analysis .analysis-diagram .analysis-diagram-container .column .arrow.arrow-left {
                        margin-right: 50%;
                        right: 0;
                    }

                        .analysis .analysis-diagram .analysis-diagram-container .column .arrow.arrow-left::before {
                            height: 0;
                            width: 0;
                            border-top: 5px solid transparent;
                            border-bottom: 5px solid transparent;
                            border-right: 10px solid #000;
                            content: '';
                            position: absolute;
                            left: 0;
                            margin-top: -5px;
                            margin-left: -3px;
                        }

                    .analysis .analysis-diagram .analysis-diagram-container .column .arrow.arrow-after-source.arrow-left::before {
                        border-right-color: #e11f26;
                    }

                    .analysis .analysis-diagram .analysis-diagram-container .column .arrow.arrow-right {
                        margin-left: 50%;
                        left: 0;
                    }

                        .analysis .analysis-diagram .analysis-diagram-container .column .arrow.arrow-right::after {
                            height: 0;
                            width: 0;
                            border-top: 5px solid transparent;
                            border-bottom: 5px solid transparent;
                            border-left: 10px solid #000;
                            content: '';
                            position: absolute;
                            right: 0;
                            margin-top: -5px;
                            margin-right: -3px;
                        }

                    .analysis .analysis-diagram .analysis-diagram-container .column .arrow.arrow-after-source.arrow-right::after {
                        border-left-color: #e11f26;
                    }

.page-footer {
    display: none;
}

.application-monitoring-empty-table {
    text-align: center;
    padding: 8px;
    border: solid 1px #000;
    border-collapse: collapse;
}

.rule-details {
}

    .rule-details br:first-child {
        display: none;
    }

    </style>
    <style type='text/css' media='print'>
body {
    width: 720px;
    padding: 0;
}

table.table thead tr,
table.table tbody tr,
table.table tfoot tr {
    page-break-inside: avoid;
}

    table.table thead tr.allow-break,
    table.table tbody tr.allow-break,
    table.table tfoot tr.allow-break {
        page-break-inside: auto;
    }

pre {
    page-break-inside: avoid;
}

img {
    page-break-inside: avoid;
}

.page-footer {
    display: block;
    text-align: center;
    font-size: 90%;
    color: #BDBEC0;
    position: fixed;
    bottom: 0;
}

.page-break {
    page-break-after: always;
}

    .page-break:last-of-type {
        page-break-after: avoid;
    }

    </style>
  </head>
  <body>
<div class="pull-right">
        <img src="" height="64" />
</div>
<div class="clearfix"></div>

<div style="padding-top: 240px;">&nbsp;</div>

<h1>
    Fortify on Demand<br />
    Security Review
</h1>
<span id="title-page" data-bookmark-enabled="true" data-bookmark-level="1" data-bookmark-text="1. Title Page"></span>

<table class="summary">
    <tr>
        <td>Tenant:</td>
        <td>Nestle</td>
    </tr>
    <tr>
        <td>Application:</td>
        <td>Dashanqy - China</td>
    </tr>
    <tr>
        <td>Release:</td>
        <td>dashanqy.com</td>
    </tr>
    <tr>
        <td>Latest Analysis:</td>
        <td>2018/04/09 02:30:34 PM</td>
    </tr>
    <tr>
        <td>Latest Assessment Type:</td>
        <td>Dynamic+ Website Assessment </td>
    </tr>
</table>

<div style="padding-top: 120px;">&nbsp;</div>

<div class="page-break"></div>
<h2>Executive Summary</h2>
<span id="executive-summary" data-bookmark-enabled="true" data-bookmark-level="1" data-bookmark-text="2. Executive Summary"></span>

<div style="position: relative;">
    <table class="summary">
        <tr>
            <td>Tenant:</td>
            <td>Nestle</td>
        </tr>
        <tr>
            <td>Application:</td>
            <td>Dashanqy - China</td>
        </tr>
        <tr>
            <td>Release:</td>
            <td>dashanqy.com</td>
        </tr>
        <tr>
            <td>Business Criticality:</td>
            <td>Medium</td>
        </tr>
        <tr>
            <td>SDLC Status:</td>
            <td>Production</td>
        </tr>
        <tr>
            <td>Static Analysis Date:</td>
            <td>---</td>
        </tr>
            <tr>
                <td>Dynamic Analysis Date:</td>
                <td>2018/04/09</td>
            </tr>
    </table>

    <div style="position: absolute; top: 0; right: 0;">
        <div class="chart fortify-security-rating">
    <h4>Fortify on Demand Security Rating</h4>
    <div class="text-center">
                <img src="" height="32" width="32" />
                <img src="" height="32" width="32" />
                <img src="" height="32" width="32" />
                <img src="" height="32" width="32" />
                <img src="" height="32" width="32" />
    </div>
    <div class="small">
        <table>
            <tr>
                <td>12 issues</td>
                <td>Status: Pass</td>
            </tr>
        </table>
    </div>
    <div class="scan-types">
        <div>
            Static:
                    <img src="" />

        </div>
            <div>
                Dynamic:
                        <img src="" />

            </div>
    </div>
</div>


    </div>
</div>

<div class="clearfix"></div>

    <table class="table table-striped table-condensed">
        <caption>Application Details</caption>
            <tr>
                    <td>Enrolment Type: Standard Web Apps</td>
                    <td>Asset Status: New or Renovated</td>
            </tr>
            <tr>
                    <td>Country or Region: CN</td>
                    <td>DigiPI ID: 13776 </td>
            </tr>
            <tr>
                    <td>MSCI Region: Greater China Region</td>
                    <td>Zone: AOA</td>
            </tr>
    </table>

<div class="container">
    <div class="row">
        <div class="col-6">
            <div class="chart" style="height: 220px;">
                <h4>Risk Totals by Severity</h4>
                
                <img src="" height="198" width="266" style="margin-left: -40px;" />
            </div>
            <div class="chart" style="height: 280px;">
                <h4>Most Prevalent Issues by Category</h4>
                <img src="" height="258" width="325" />
            </div>
        </div>
        <div class="col-6">
            <div class="chart" style="height: 85px;">
                <h4>Issue Status</h4>
                <table class="table table-striped table-condensed">
                    <thead>
                        <tr>
                            <th>New</th>
                            <th>Existing</th>
                            <th>Reopened</th>
                        </tr>
                    </thead>
                    <tbody>
                        <tr>
                            <td>3</td>
                            <td>8</td>
                            <td>1</td>
                        </tr>
                    </tbody>
                </table>
            </div>
            <div class="chart" style="height: 103px;">
                <h4>Assignment Status</h4>
                <img src="" height="80" width="325" />
            </div>
            <div class="chart" style="height: 125px;">
                <h4>Developer Status</h4>
                <img src="" height="100" width="325" />
            </div>
            <div class="chart" style="height: 124px;">
                <h4>Auditor Status</h4>
                <img src="" height="100" width="325" />
            </div>
        </div>
    </div>
</div>

<div class="page-break"></div>
<h2>Issue Breakdown</h2>
<span id="issue-breakdown" data-bookmark-enabled="true" data-bookmark-level="1" data-bookmark-text="3. Issue Breakdown"></span>

<p>Issues are divided based on their impact (potential damage) and likelihood (probability of identification and exploit).</p>
<p>High impact / high likelihood issues represent the highest priority and present the greatest threat.</p>
<p>Low impact / low likelihood issues are the lowest priority and present the smallest threat.</p>
<p>See Appendix for more information.</p>

<table class="table table-striped text-center">
    <thead>
        <tr>
            <th style="width: 12%;">Rating</th>
            <th style="width: 64%;">Category</th>
            <th style="width: 12%;">Test Type</th>
            <th style="width: 12%;"></th>
        </tr>
    </thead>
    <tbody>
            <tr>
                <td class="bg-severity-medium">Medium</td>
                <td>
                        <a href="#CodeCorrectnessUntestedFunctionality">Code Correctness: Untested Functionality</a>
                </td>
                <td>Dynamic</td>
                <td>1</td>
            </tr>
            <tr>
                <td class="bg-severity-medium">Medium</td>
                <td>
                        <a href="#InsecureDeploymentUnpatchedApplication">Insecure Deployment: Unpatched Application</a>
                </td>
                <td>Dynamic</td>
                <td>2</td>
            </tr>
            <tr>
                <td class="bg-severity-medium">Medium</td>
                <td>
                        <a href="#PoorErrorHandlingUnhandledException">Poor Error Handling: Unhandled Exception</a>
                </td>
                <td>Dynamic</td>
                <td>1</td>
            </tr>
            <tr>
                <td class="bg-severity-low">Low</td>
                <td>
                        <a href="#CacheManagementInsecurePolicy">Cache Management: Insecure Policy</a>
                </td>
                <td>Dynamic</td>
                <td>1</td>
            </tr>
            <tr>
                <td class="bg-severity-low">Low</td>
                <td>
                        <a href="#HostHeaderPoisoning">Host Header Poisoning</a>
                </td>
                <td>Dynamic</td>
                <td>1</td>
            </tr>
            <tr>
                <td class="bg-severity-low">Low</td>
                <td>
                        <a href="#InsecureTransportHSTSnotSet">Insecure Transport: HSTS not Set</a>
                </td>
                <td>Dynamic</td>
                <td>1</td>
            </tr>
            <tr>
                <td class="bg-severity-low">Low</td>
                <td>
                        <a href="#InsecureTransportWeakSSLCipher">Insecure Transport: Weak SSL Cipher</a>
                </td>
                <td>Dynamic</td>
                <td>1</td>
            </tr>
            <tr>
                <td class="bg-severity-low">Low</td>
                <td>
                        <a href="#InsecureTransportWeakSSLProtocol">Insecure Transport: Weak SSL Protocol</a>
                </td>
                <td>Dynamic</td>
                <td>2</td>
            </tr>
            <tr>
                <td class="bg-severity-low">Low</td>
                <td>
                        <a href="#OftenMisusedFileUpload">Often Misused: File Upload</a>
                </td>
                <td>Dynamic</td>
                <td>1</td>
            </tr>
            <tr>
                <td class="bg-severity-low">Low</td>
                <td>
                        <a href="#SystemInformationLeakExternal">System Information Leak: External</a>
                </td>
                <td>Dynamic</td>
                <td>1</td>
            </tr>
    </tbody>
</table>


<div class="page-break"></div>
<h2>Issue Breakdown by Analysis Type</h2>
<span id="analysis-type-issue-breakdown" data-bookmark-enabled="true" data-bookmark-level="1" data-bookmark-text="4. Issue Breakdown by Analysis Type"></span>


<table class="table table-striped">
    <thead>
        <tr>
            <th style="width: 70%;">Category</th>
            <th style="width: 10%;">Static</th>
            <th style="width: 10%;">Dynamic</th>
                <th style="width: 10%;">Network</th>
        </tr>
    </thead>
    <tbody>
            <tr>
                <td>Cache Management: Insecure Policy</td>
                <td class="text-center">0</td>
                <td class="text-center">1</td>
                    <td class="text-center">0</td>
            </tr>
            <tr>
                <td>Code Correctness: Untested Functionality</td>
                <td class="text-center">0</td>
                <td class="text-center">1</td>
                    <td class="text-center">0</td>
            </tr>
            <tr>
                <td>Host Header Poisoning</td>
                <td class="text-center">0</td>
                <td class="text-center">1</td>
                    <td class="text-center">0</td>
            </tr>
            <tr>
                <td>Insecure Deployment: Unpatched Application</td>
                <td class="text-center">0</td>
                <td class="text-center">2</td>
                    <td class="text-center">0</td>
            </tr>
            <tr>
                <td>Insecure Transport: HSTS not Set</td>
                <td class="text-center">0</td>
                <td class="text-center">1</td>
                    <td class="text-center">0</td>
            </tr>
            <tr>
                <td>Insecure Transport: Weak SSL Cipher</td>
                <td class="text-center">0</td>
                <td class="text-center">1</td>
                    <td class="text-center">0</td>
            </tr>
            <tr>
                <td>Insecure Transport: Weak SSL Protocol</td>
                <td class="text-center">0</td>
                <td class="text-center">2</td>
                    <td class="text-center">0</td>
            </tr>
            <tr>
                <td>Often Misused: File Upload</td>
                <td class="text-center">0</td>
                <td class="text-center">1</td>
                    <td class="text-center">0</td>
            </tr>
            <tr>
                <td>Poor Error Handling: Unhandled Exception</td>
                <td class="text-center">0</td>
                <td class="text-center">1</td>
                    <td class="text-center">0</td>
            </tr>
            <tr>
                <td>System Information Leak: External</td>
                <td class="text-center">0</td>
                <td class="text-center">1</td>
                    <td class="text-center">0</td>
            </tr>
    </tbody>
    <tfoot>
        <tr>
            <td>Total</td>
            <td class="text-center">0</td>
            <td class="text-center">12</td>
                <td class="text-center">0</td>
        </tr>
    </tfoot>
</table>

<div class="page-break"></div>


<h2>Issue Detail</h2>
<span id="auditor-issue-detail" data-bookmark-enabled="true" data-bookmark-level="1" data-bookmark-text="5. Issue Detail (Extended)"></span>

<p>Below is an enumeration of all issues found in the project. The issues are organized by priority and category and then broken down by the package, namespace, or location in which they occur.</p>
<p>The priority of an issue can be Critical, High, Medium, or Low.</p>
<p>Issues from static analysis that are reported at the same line number with the same category originate from different taint sources.</p>

    <h3>
            <a name="CodeCorrectnessUntestedFunctionality"></a>
        <span>5.1.1</span>
        <span>Code Correctness: Untested Functionality</span>
        <span class="pull-right text-severity-medium">Medium</span>

    </h3>
    <div></div>
    <div>OWASP Top 10: </div>
    <div>PCI 3.2: </div>
    <h4>Summary</h4>
    <div class="rule-details">During security testing of the target application, some of the functionality was found to be inoperable.  As such, any potential security vulnerabilities associated with this functionality could not be evaluated and its controls could not be verified.</div>
        <h4>Explanation</h4>
        <div class="rule-details">Gaps in testing coverage could leave significant vulnerabilities unreported, leading to a false sense of security while leaving the application open to attack and/or compromise.</div>
        <h4>Recommendation</h4>
        <div class="rule-details">Ensure that all key application functionality is operational and ready for security testing to ensure completeness of coverage.</div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">Code Correctness: Untested Functionality</span>
        <span class="pull-right text-severity-medium">Medium</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#d3dd2e2673204486aebedb801e25f442">ID 59395286</a>  - https:​/​/www​.dashanqy​.com​/login​.aspx</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>


                    <h5>Notes</h5>
                    <pre>The site contains login functionality.  However, the option to test unauthenticated was chosen.  Authentication and Session vulnerabilities such as account enumeration, weak password, session time outs, etc. were not tested.  

It is strongly urged to run a new test in which an authentication type of generate user ID or provide user information is chosen.</pre>

            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>
    <h3>
            <a name="InsecureDeploymentUnpatchedApplication"></a>
        <span>5.1.2</span>
        <span>Insecure Deployment: Unpatched Application</span>
        <span class="pull-right text-severity-medium">Medium</span>

    </h3>
    <div></div>
    <div>OWASP Top 10: </div>
    <div>PCI 3.2: </div>
    <h4>Summary</h4>
    <div class="rule-details">While testing, a possible unsupported version of software or a version of software with a known vulnerability was discovered.</div>
        <h4>Explanation</h4>
        <div class="rule-details">If the software is no longer supported by the vendor, there will not be any further product support, bug fixes, or patch releases.  Any known and unknown vulnerabilities affecting the unsupported software create risk from attackers.  Over time the security software vendors will also stop providing detection signatures.<br/><br/>If the software has known vulnerabilities and is supported by the vendor, it is recommended to apply the patches or upgrade to the newer version.</div>
        <h4>Recommendation</h4>
        <div class="rule-details">Employ a patch and vulnerability management  program to keep applications and servers current.  Follow vendor best practice and hardening guides for appropriate server technologies.  Limit or abolish the use of 3rd party scripts and applications.</div>
        <h4>References</h4>
        <div class="rule-details"><p><a href="http://www.techrepublic.com/article/tech-tip-understand-the-risks-of-obsolete-and-unsupported-software/">Understanding the risks of obsolete and unsupported software</a></p><br /><br /><p><a href="https://www.owasp.org/index.php/3rd_Party_Javascript_Management_Cheat_Sheet">OWASP 3rd Party Javascript Management Cheat Sheet</a></p></div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">Insecure Deployment: Unpatched Application</span>
        <span class="pull-right text-severity-medium">Medium</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#792a55b7196b49678cc55246151ff510">ID 38054911</a>  - https:​/​/www​.dashanqy​.com​/%3c</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>


                    <h5>Notes</h5>
                    <pre>Issue detail
The libraries Microsoft .Net Framework: 4.0.30319 and ASP.Net: 4.0.30319.36393 have known security issues. For more information, visit these websites:
https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-2002/version_id-97706/Microsoft-.net-Framework-4.0.html
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3416
https://packetstormsecurity.com/files/108245/Microsoft-ASP.NET-Forms-Authentication-Bypass.html

Other considerations
The vulnerability might affect a feature of the library that the website is not using. If the vulnerable feature is not used, this alert can be considered a false positive.</pre>

            </td>
        </tr>
                    <tr>
                        <td>
                                    <span><a href="#7f7202d6ea254a81b64f2550c4848f37">ID 43433784</a>  - https:​/​/www​.dashanqy​.com​/manage​/js​/jquery​.min​.js</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>


                    <h5>Notes</h5>
                    <pre>Issue detail
The library jquery version 1.8.3 has known security issues. For more information, visit these websites:
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Affected versions 
The vulnerability affects all versions prior to 1.9.0b1 (between * and 1.9.0b1)
Other considerations 
The vulnerability might affect a feature of the library that the website is not using. If the vulnerable feature is not used, this alert can be considered a false positive.</pre>

            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>
    <h3>
            <a name="PoorErrorHandlingUnhandledException"></a>
        <span>5.1.3</span>
        <span>Poor Error Handling: Unhandled Exception</span>
        <span class="pull-right text-severity-medium">Medium</span>

    </h3>
    <div>CWE-200</div>
    <div>OWASP Top 10: </div>
    <div>PCI 3.2: 6.5.5 Improper Error Handling</div>
    <h4>Summary</h4>
    <div class="rule-details">Stack traces are call chains of line numbered source code that usually result from unhandled exceptions.  Unhandled exceptions are circumstances in which the application has received user input that it did not expect and doesn't know how to deal with. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.  Recommendations include designing and adding consistent error-handling mechanisms that are capable of handling any user input to your web application, providing meaningful detail to end-users, and preventing error messages that might provide information useful to an attacker from being displayed. 
</div>
        <h4>Explanation</h4>
        <div class="rule-details"><br />Exception error messages may contain the location of the file in which the offending function is located. This may disclose the webroot's absolute path as well as give the attacker the location of application include files or configuration information. It may even disclose the portion of code that failed.  In most cases, it will be the result of the web application attempting to use an invalid client-supplied argument in a SQL statement, which means that SQL injection will be possible. If so, an attacker will at least be able to read the contents of the entire database arbitrarily. Depending on the database server and the SQL statement, deleting, updating and adding records and executing arbitrary commands may also be possible. If a software bug is responsible for triggering the error, the potential impact will vary, depending on the circumstances. The location of the application that caused the error can be useful in facilitating other kinds of attacks. If the file is a hidden or include file, the attacker may be able to gain more information about the mechanics of the web application, possibly even the source code. Application source code is likely to contain usernames, passwords, database connection strings and aids the attacker greatly in disc</div>
        <h4>Recommendation</h4>
        <div class="rule-details"><br /><b>For Security Operations: </b><br /><br />
Unknown application testing seeks to uncover new vulnerabilities in both custom and commercial software.  Because of this, there are no specific patches or descriptions of this issue. Please note that this vulnerability may be a false positive if the page it is flagged on is technical documentation. However, follow these recommendations to help ensure a secure web application: 
<ul><li><b>Use Uniform Error Codes:</b> Ensure that you are not inadvertently supplying information to an attacker via the use of inconsistent or "conflicting" error messages. For instance, don't reveal unintended information by using error messages such as Access Denied, which will also let an attacker know that the file he seeks actually exists. Use consistent terminology for files and folders that do exist, do not exist, and which have read access denied. </li><li><b>Informational Error Messages:</b> Ensure that error messages do not reveal too much information. Complete or partial paths, variable and file names, row and column names in tables, and specific database errors should never be revealed to the end user. Remember, an attacker will gather as much information as possible, and then add pieces of seemingly innocuous information together to craft an attack. </li><li><b>Proper Error Handling:</b> Use generic error pages and error handling logic to inform end users of potential problems. Do not provide system information or other data that could be used by an attacker when orchestrating an attack. </li></ul><b>For Development:</b><br /><br />
This problem arises from the improper validation of characters that are accepted by the application. Any time a parameter is passed into a dynamically-generated web page, you must assume that the data could be incorrectly formatted. The application should contain sufficient logic to handle any situation in which a parameter is not being passed or is being passed incorrectly. Keep in mind how the data is being submitted, as a result of a GET or a POST. Additionally, to develop secure and stable code, treat cookies the same as parameters. The following recommendations will help ensure that you are delivering secure web applications.
<ul><li><b>Stringently define the data type:</b> Stringently define the data type (a string, an alphanumeric character, etc.) that the application will accept. Validate input for improper characters. Adopt the philosophy of using what is good rather than what is bad. Define the allowed set of characters. For instance, if a field is to receive a number, allow that field to accept only numbers. Define the maximum and minimum data lengths that the application will accept.</li><li><b>Verify parameter is being passed:</b> If a parameter that is expected to be passed to a dynamic Web page is omitted, the application should provide an acceptable error message to the user. Also, never use a parameter until you have verified that it has been passed into the application.</li><li><b>Verify correct format:</b> Never assume that a parameter is of a valid format. This is especially true if the parameter is being passed to a SQL database. Any string that is passed directly to a database without first being checked for proper format can be a major security risk. Also, just because a parameter is normally provided by a combo box or hidden field, do not assume the format is correct. A hacker will first try to alter these parameters while attempting to break into your site.</li><li><b>Verify file names being passed in via a parameter:</b> If a parameter is being used to determine which file to process, never use the file name before it is verified as valid. Specifically, test for the existence of characters that indicate directory traversal, such as .../, c:\, and /. </li><li><b>Do not store critical data in hidden parameters:</b> Many programmers make the mistake of storing critical data in a hidden parameter or cookie. They assume that since the user doesn't see it, it's a good place to store data such as price, order number, etc. 
Both hidden parameters and cookies can be manipulated and returned to the server, so never assume the client returned what you sent via a hidden parameter or cookie.</li></ul><b>For QA:</b><br /><br />
 From a testing perspective, ensure that the error handling scheme is consistent and does not reveal private information about your web application. A seemingly innocuous piece of information can provide an attacker the means to discover additional information that can be used to conduct an attack. Make the following observations:
<ul><li>Do you receive the same type of error for existing and non-existing files? </li><li>Does the error include phrases (such as "</li></ul></div>
        <h4>References</h4>
        <div class="rule-details"><br /><b>Web Application Security Whitepaper:</b><br /><a href="http://download.hpsmartupdate.com/asclabs/security_at_the_next_level.pdf">http://download.hpsmartupdate.com/asclabs/security_at_the_next_level.pdf</a><br /><br /><b>IIS Information: </b><br /><a href="http://www.microsoft.com/windows2000/en/server/iis/default.asp?url= /windows2000/en/server/iis/htm/core/iierrcst.htm">http://www.microsoft.com/windows2000/en/server/iis/default.asp?url= /windows2000/en/server/iis/htm/core/iierrcst.htm</a><br /><br /><b>Managing Unhandled Exceptions:</b><br /><a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/exceptdotnet.asp"> HTTP Server Version 2.0 - Authentication, Authorization, and Access Control</a></div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">Poor Error Handling: Unhandled Exception</span>
        <span class="pull-right text-severity-medium">Medium</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#d816958013bf4326ad96816e462ab1b7">ID 34531733</a>  - https:​/​/www​.dashanqy​.com​/%3c</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>



            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>
    <h3>
            <a name="CacheManagementInsecurePolicy"></a>
        <span>5.2.1</span>
        <span>Cache Management: Insecure Policy</span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
    <div>CWE-525</div>
    <div>OWASP Top 10: A6</div>
    <div>PCI 3.2: </div>
    <h4>Summary</h4>
    <div class="rule-details">SSL content on this site can be cached by the browser or by an intermediate proxy server cache. </div>
        <h4>Explanation</h4>
        <div class="rule-details">SSL provides a secure encrypted channel to transfer information from the source to the user. Information served over SSL is considered sensitive and is trusted to be available only to the requestor. However, caching this content on disk in temporary internet files or in an intermediate proxy server can compromise that trust by exposing it to everyone who has access to that temporary storage or proxy cache. Hence, content served over SSL should have caching disabled. </div>
        <h4>Execution</h4>
        <div class="rule-details">Send a request to https://www.dashanqy.com:443/huaping.html and inspect the Cache-Control header value.</div>
        <h4>Recommendation</h4>
        <div class="rule-details">Set <font face="courier new">Cache-Control</font> directive to <font face="courier new">private</font>, <font face="courier new">no-cache</font> and/or <font face="courier new">no-store</font>.<br /><br /><b><em>private</em></b><br />
This directive allows the server to prevent a shared cache from caching responses that are intended for a single user. The mechanism can be used to ensure that privileged information is not accidentally leaked to unauthorized users. The directive may still allow caching of responses by non-shared caches.<br /><br /><b><em>no-cache</em></b><br />
For sensitive resources requiring user authentication, servers can send the no-cache directive to prevent caches from serving a cached response without first requiring the user agent to validate the user identity. This directive can be specified with or without field names. When no field names are included, this directive applies to the entire request or response.<br />
When one or more field names are specified in the no-cache directive, the response can be cached but the specified field(s) must be excluded. If the response must include the specified field, then the cache must ensure that the request triggers a revalidation with the origin server.<br />
Example: <font face="courier new">Cache-Control: no-cache="Set-Cookie"</font><br />
This directive can be used to prevent sensitive information leakage by requiring the server to confirm the user identity before serving the protected information.<br /><br /><b><em>no-store</em></b><br />
To completely disable caching of requests or responses, the server must specify the no-store directive in the <font face="courier new">Cache-Control</font> header. This directive applies to the entire request and response regardless of whether the directive is sent in the request or the response.<br /></div>
        <h4>References</h4>
        <div class="rule-details"><br /><b>Server Configuration:</b><br /><a href="http://support.microsoft.com/kb/247404">IIS</a><br /><a href="http://httpd.apache.org/docs/2.2/caching.html">Apache</a><br /><br /><b>HTTP 1.1 Specification:</b><br /><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">HTTP Header Field Definitions</a><br /><br /><b>OWASP:</b><br /><a href="https://www.owasp.org/index.php/OWASP_Application_Security_FAQ#Browser_Cache">Browser Cache FAQ</a><br /><br /><b>HTTP Caching:</b><br /><a href="http://www.mnot.net/cache_docs/">Tutorial</a><br /></div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">Cache Management: Insecure Policy</span>
        <span class="pull-right text-severity-low">Low</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#c8a0b929c59f430dbebd5e4cc97390ef">ID 34530892</a>  - https:​/​/www​.dashanqy​.com:443​/huaping​.html</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>


                    <h5>Notes</h5>
                    <pre>The following URLs were rolled into this vulnerability and are also applicable:


https://www.dashanqy.com/shownews_16.html
https://www.dashanqy.com/shownews_18.html
https://www.dashanqy.com/shownews_19.html
https://www.dashanqy.com/shownews_20.html
https://www.dashanqy.com/shownews_23.html
https://www.dashanqy.com/shownews_26.html
https://www.dashanqy.com/shownews_29.html
https://www.dashanqy.com/shownews_31.html
https://www.dashanqy.com/shownews_32.html
https://www.dashanqy.com/shownews_35.html
https://www.dashanqy.com/shownews_39.html
https://www.dashanqy.com/shownews_42.html
https://www.dashanqy.com/shownews_44.html
https://www.dashanqy.com/shownews_45.html
https://www.dashanqy.com/shownews_47.html
https://www.dashanqy.com/shownews_48.html
https://www.dashanqy.com/shownews_51.html
https://www.dashanqy.com/shownews_53.html
https://www.dashanqy.com/shownews_55.html
https://www.dashanqy.com/shownews_57.html
https://www.dashanqy.com/shownews_59.html
https://www.dashanqy.com/shownews_61.html
https://www.dashanqy.com/shownews_63.html
https://www.dashanqy.com/shownews_65.html
https://www.dashanqy.com/shownews_67.html
</pre>

            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>
    <h3>
            <a name="HostHeaderPoisoning"></a>
        <span>5.2.2</span>
        <span>Host Header Poisoning</span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
    <div></div>
    <div>OWASP Top 10: </div>
    <div>PCI 3.2: </div>
    <h4>Summary</h4>
    <div class="rule-details">Host header poisoning occurs when software uses code like: 
&lt;a href="&lt;?=$_SERVER['HTTP_HOST']?&gt;/login"&gt;Login&lt;/a&gt;
The Host header is controlled by the user and can be modified, leading to links constructed with an arbitrary domain.</div>
        <h4>Explanation</h4>
        <div class="rule-details">Host header poisoning may lead to arbitrary redirects, cache poisoning, and social engineering.</div>
        <h4>Execution</h4>
        <div class="rule-details">Modify the host header value of an HTTP request to an arbitrary value and observe the response for references to that value.</div>
        <h4>Recommendation</h4>
        <div class="rule-details">Use the following best practices in code to prevent such attacks:<br><br>Do not use the Host header to construct hyperlinks. If you must, implement input validation and/or whitelist allowed values. <br><br>Disable any configuration that results in the Host header being output.</div>
        <h4>References</h4>
        <div class="rule-details"><p><a href="http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html">Practical HTTP Host Header Attacks</a></p>
<p><a href="https://www.owasp.org/index.php/Cache_Poisoning">OWASP Cache Poisoning</a></p></div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">Host Header Poisoning</span>
        <span class="pull-right text-severity-low">Low</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#24315289cee64dd38fb088af4754815c">ID 34531834</a>  - https:​/​/www​.dashanqy​.com​/upfiles</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>



            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>
    <h3>
            <a name="InsecureTransportHSTSnotSet"></a>
        <span>5.2.3</span>
        <span>Insecure Transport: HSTS not Set</span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
    <div>CWE-319</div>
    <div>OWASP Top 10: A3</div>
    <div>PCI 3.2: 6.5.4 Insecure Communications</div>
    <h4>Summary</h4>
    <div class="rule-details"><br />HTTP Strict Transport Security (HSTS) policy enables web applications to require that web browsers communicate with the server only over an encrypted SSL/TLS connection for a set period. The policy is declared via a special Strict Transport Security response header. An encrypted connection protects sensitive user and session data from attackers eavesdropping on the network connection. 
<br /> 
Consider the following attack scenarios:
<br /><ul><li>Users often omit the URI scheme, i.e. https://, when typing a URL in the location bar to access a website. Third-party websites can also link to the site using the “http” scheme instead of “https”. This could result in an initial connection to an HTTPS-enabled site over an unencrypted channel. An eavesdropping attacker can hijack this unencrypted connection and replace the intended use of the HTTPS protocol with HTTP in an attack known as SSLStrip, granting unauthorized access to all subsequent traffic. </li><li>Websites often transfer non-sensitive resources such as help documents over an unencrypted HTTP connection. Any cookies without a secure flag are sent along with such requests, potentially disclosing sensitive user and session data to an eavesdropper.</li><li>Man-in-the-Middle attacks that exploit user tendencies to override invalid certificate warnings, e.g. SSLSniff. </li></ul><br />
For web sites configured with an accurate HSTS policy, browsers automatically upgrade any HTTP connections to HTTPS. Furthermore, browsers prevent users from overriding any host certificate warnings. HSTS offers an effective defense against the above attack scenarios.</div>
        <h4>Explanation</h4>
        <div class="rule-details">A successful MiTM attack such as SSLStrip or SSLsniff can lead to the compromise of sensitive user data such as financial information, Social Security Number, personal information, etc., as well as grant unauthorized access to user accounts, enabling attackers to perform privileged actions on the client’s behalf.</div>
        <h4>Execution</h4>
        <div class="rule-details">Access location https://www.dashanqy.com:443/images/ and notice the absence of the  Strict Transport Security header in the HTTP response.</div>
        <h4>Recommendation</h4>
        <div class="rule-details">Configure the web application under test to include the Strict Transport Security header in every response generated by an HTTPS-enabled site. Any HTTP version of the site on the same domain should permanently redirect to the secure encrypted site. The header should not be added to HTTP responses, as browsers will ignore it.
<br /><br />
It is important to note that this header does not prevent the above-mentioned attack scenarios during the very first connection to the site or during any connections established after the set period has expired. To prevent such a scenario, the site must be added to the pre-loaded HSTS hosts list embedded in both Google Chrome and Mozilla Firefox browsers.</div>
        <h4>References</h4>
        <div class="rule-details"><br /><a href="http://tools.ietf.org/html/rfc6797">http://tools.ietf.org/html/rfc6797</a></div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">Insecure Transport: HSTS not Set</span>
        <span class="pull-right text-severity-low">Low</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#683262c6b79e49d4ac0e6ba79fbd93e8">ID 59275861</a>  - https:​/​/www​.dashanqy​.com:443​/images​/</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>



            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>
    <h3>
            <a name="InsecureTransportWeakSSLCipher"></a>
        <span>5.2.4</span>
        <span>Insecure Transport: Weak SSL Cipher</span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
    <div>CWE-327, CWE-326, CWE-319</div>
    <div>OWASP Top 10: A6</div>
    <div>PCI 3.2: 4.1 Use strong cryptography and security protocols, 6.5.4 Insecure Communications</div>
    <h4>Summary</h4>
    <div class="rule-details">WebInspect has detected support for weak TLS/SSL ciphers on server <b>https://www.dashanqy.com:443/</b>.
<br /><br />
The Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols provide a mechanism to help protect authenticity, confidentiality and integrity of the data transmitted between a client and web server. The strength of this protection mechanism is determined by the authentication, encryption and hashing algorithms, collectively known as a cipher suite, chosen for the transmission of sensitive information over the TLS/SSL channel. Most Web servers support a range of such cipher suites of varying strengths. Using a weak cipher or an encryption key of insufficient length, for example, could allow an attacker to defeat the protection mechanism and steal or modify sensitive information. 
<br /><br />
If misconfigured, a web server could be manipulated into choosing weak cipher suites. Recommendations include updating the web server configuration to always choose the strongest ciphers for encryption.</div>
        <h4>Explanation</h4>
        <div class="rule-details">A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current methods and resources. An attacker may be able to execute a man-in-the-middle attack which would allow them to intercept, monitor and tamper with sensitive data.</div>
        <h4>Execution</h4>
        <div class="rule-details"><br />Each weak cipher was enumerated by establishing an SSL connection with the target host and specifying the cipher to test in the Client Hello message of the SSL handshake.</div>
        <h4>Recommendation</h4>
        <div class="rule-details">Disable support for weak ciphers on the server. Weak ciphers are generally defined as:
<ul><li>Any cipher with key length less than 128 bits</li><li>Export-class cipher suites</li><li>NULL ciphers</li><li>Ciphers that support unauthenticated modes</li><li>Ciphers assessed at security strengths below 112 bits</li><li>All RC4 ciphers</li><li>All 64-bit block ciphers</li></ul>
 
The following ciphers supported by the server are weak and should be disabled:<br /><b><ul><li>TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)</li><li>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)</li></ul></b><br /><br />The weak cipher list above also includes ciphers that enable conditions for SWEET32 cipher attacks.  The vulnerability affects all 64-bit block ciphers such as 3DES and Blowfish.  The vulnerability is independent of the number of keys and/or the key length used in the cipher.  It could allow attackers to obtain cleartext data from long-lived encrypted sessions.  The vulnerability is identified by CVE-2016-2183 and CVE-2016-6329. <br/><br/>The following 64-bit block ciphers should be removed from the target server configuration to prevent SWEET32 attacks:<br/> <b><ul><li>TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)</li><li>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)</li></ul></b><br/><ul><li>For Apache, modify the following lines in httpd.conf or ssl.conf:</li><ul><li>SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!NULL:!RC4:!RC2:!DES:!3DES+HIGH:+MEDIUM</li></ul><li>For IIS, please refer to Microsoft Knowledge Base Articles:</li><ul><li>Article ID: 187498</li><li>Article ID: 245030 and</li><li>Security Guidance for IIS</li><li>Article ID: 2868725</li></ul><li>For other servers, please refer to vendor specific documentation.</li></ul><br />
The following ciphers supported by the server should provide adequate protection and may be left enabled:<br /><b><ul><li>TLS_RSA_WITH_AES_256_CBC_SHA (0x35)</li><li>TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)</li><li>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)</li><li>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)</li><li>TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)</li><li>TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)</li><li>TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)</li><li>TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)</li><li>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)</li><li>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)</li><li>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)</li><li>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)</li></ul></b></div>
        <h4>References</h4>
        <div class="rule-details"><br /><b>OWASP:</b><br /><a href="https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet">Transport Layer Protection Cheat Sheet</a><br /><br /><b>PCI Security Standards Council:</b><br /><a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">PCI DSS v3.1</a><br /><br /><b>CVE</b><br /><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566">CVE-2013-2566</a><br /><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183">CVE-2016-2183</a><br /><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6329">CVE-2016-6329</a><br /><br /><b>NIST</b><br /><a href="http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf">NIST Special Publication 800-131A</a><br /><br /><b>Microsoft:</b><br /><a href="https://support.microsoft.com/en-us/kb/2868725">Knowledge Base Article ID: 2868725</a><br /><a href="http://support.microsoft.com/kb/187498">Knowledge Base Article ID: 187498</a><br /><a href="http://support.microsoft.com/kb/245030/">Knowledge Base Article ID: 245030</a><br /><a href="http://technet.microsoft.com/en-us/library/dd450371%28WS.10%29.aspx">Security Guidance for IIS</a><br /><br /><b>Apache:</b><br /><a href="http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html">SSL/TLS Strong Encryption: FAQ</a><br /><br /><b>RC4:</b><br /><a href="https://www.schneier.com/blog/archives/2013/03/new_rc4_attack.html">New RC4 Attack</a><br /><br /><b>ACM CCS '16</b><br /><a href="http://dl.acm.org/citation.cfm?id=2978423">On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN</a></div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">Insecure Transport: Weak SSL Cipher</span>
        <span class="pull-right text-severity-low">Low</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#5bfa2c9e2bd9463ea5393f12a4eeb471">ID 59275865</a>  - https:​/​/www​.dashanqy​.com:443​/company​.aspx</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>



            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>
    <h3>
            <a name="InsecureTransportWeakSSLProtocol"></a>
        <span>5.2.5</span>
        <span>Insecure Transport: Weak SSL Protocol</span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
    <div>CWE-327</div>
    <div>OWASP Top 10: A6</div>
    <div>PCI 3.2: 4.1 Use strong cryptography and security protocols, 6.5.4 Insecure Communications</div>
    <h4>Summary</h4>
    <div class="rule-details"><br />
The Transport Layer Security (TLS) protocol provides a mechanism to protect the authenticity, confidentiality and integrity of the data transmitted between a client and a web server.  The TLS protocol has undergone various revisions, resulting in periodic version updates. Each revision tries to address security weaknesses in prior versions and to incorporate support for the latest security measures.  It is strongly recommended to use the latest available version of the protocol whenever possible.
<br /><br />
TLS 1.0 is considered insecure because it lacks support for strong cipher suites and is affected by several known vulnerabilities.  It uses either the RC4 cipher, which is prone to bias attacks, or a Cipher Block Chaining (CBC) mode cipher, which enables the conditions for POODLE (Padding Oracle On Downgraded Legacy Encryption) attacks.
<br /><br />
NIST Special Publication 800-52 Revision 1 no longer considers TLS 1.0 as strong cryptography.  TLS 1.0 is also no longer in compliance with PCI DSS v3.1 requirements.  PCI does not consider TLS 1.0 to be adequate to protect cardholder data and has deprecated its use starting June 2016.

<br /><b>Update: PCI DSS has extended the deadline for migration to TLS 1.1 or above to June 30, 2018. However, an early migration is recommended to ensure the security of your data and applications.</b><br /><br />
Use of insecure protocol versions weakens the strength of the transport protection and could allow an attacker to compromise, steal or modify sensitive information. Configuring the web server to use the most secure protocol, TLS 1.1 or TLS 1.2, is highly recommended.
<br /></div>
        <h4>Explanation</h4>
        <div class="rule-details"><br />Use of a weak protocol such as TLS 1.0 leaves the connection vulnerable to man-in-the-middle attacks.  This would allow the attacker to read and modify data on a secure TLS connection, thus compromising user security and privacy.  Its use would also limit the use of strong cipher suites that help protect data integrity and confidentiality.</div>
        <h4>Recommendation</h4>
        <div class="rule-details"><br />Disable support for the TLS 1.0 protocol on the server.  Both NIST 800-52 and PCI DSS v3.1 strongly recommend upgrading to the latest version of TLS available, TLS 1.2, or at a minimum upgrading to TLS 1.1.

<ul><li>For Apache, modify the following lines in the server configuration:</li><ul><li>SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1</li></ul><li>For Nginx, modify the following lines in the server configuration:</li><ul><li>ssl_protocols TLSv1.1 TLSv1.2;</li></ul><li>For IIS, please refer to Microsoft Knowledge Base Articles:</li><ul><li><a href="https://technet.microsoft.com/library/security/3009008">https://technet.microsoft.com/library/security/3009008</a></li></ul><li>For other servers, please refer to vendor specific documentation.</li></ul></div>
        <h4>References</h4>
        <div class="rule-details"><br /><b>OWASP:</b><br /><a href="https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet">Transport Layer Protection Cheat Sheet</a><br /><br /><b>NIST:</b><br /><a href="http://www.nist.gov/customcf/get_pdf.cfm?pub_id=915856">NIST SP 800-52 Revision 1</a><br /><br /><b>PCI Security Standards Council:</b><br /><a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">PCI DSS v3.1</a><br /><a href="https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supplement_v1.pdf">Migrating from SSL and Early TLS</a><br /><a href="https://www.pcisecuritystandards.org/pdfs/15_03_25_PCI_SSC_FAQ_SSL_Protocol_Vulnerability_Revisions_to_PCI_DSS_PAD.pdf">PCI SSC FAQ on impending revisions to PCI DSS, PA-DSS to address SSL protocol vulnerability</a><br /><br /><b>Microsoft:</b><br /><a href="http://support.microsoft.com/kb/187498">Knowledge Base Article ID: 187498</a><br /><a href="http://support.microsoft.com/kb/245030/">Knowledge Base Article ID: 245030</a><br /><a href="http://technet.microsoft.com/en-us/library/dd450371%28WS.10%29.aspx">Security Guidance for IIS</a><br /><br /><b>Apache:</b><br /><a href="http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html">SSL/TLS Strong Encryption: FAQ</a><br /><br /><b>CVE-2014-8730</b><br /><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8730">CVE-2014-8730</a><br /><br /><b>POODLE Vulnerability Expands Beyond SSLv3 to TLS 1.0 and 1.1</b><br /><a href="https://www.globalsign.com/en/blog/poodle-vulnerability-expands-beyond-sslv3-to-tls/">https://www.globalsign.com/en/blog/poodle-vulnerability-expands-beyond-sslv3-to-tls/</a><br /><br /><b>TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks</b><br /><a href="https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00">https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00</a><br /></div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">Insecure Transport: Weak SSL Protocol</span>
        <span class="pull-right text-severity-low">Low</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#9caf673627fd4444863e47320bf523dc">ID 43433790</a>  - https:​/​/www​.dashanqy​.com​/</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>



            </td>
        </tr>
                    <tr>
                        <td>
                                    <span><a href="#99723eb1327841828c027958716635ba">ID 43433791</a>  - https:​/​/www​.dashanqy​.com​/</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>



            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>
    <h3>
            <a name="OftenMisusedFileUpload"></a>
        <span>5.2.6</span>
        <span>Often Misused: File Upload</span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
    <div>CWE-434, CWE-284</div>
    <div>OWASP Top 10: A1</div>
    <div>PCI 3.2: 6.5.1 Injection Flaws</div>
    <h4>Summary</h4>
    <div class="rule-details">An indicator of file upload capability was found.  File upload capability allows a web user to send a file from his or her computer to the webserver.  If the web application that receives the file does not carefully examine it for malicious content, an attacker may be able to use file uploads to execute arbitrary commands on the server. Recommendations include adopting a strict file upload policy that prevents malicious material from being uploaded via sanitization and filtering.
</div>
        <h4>Explanation</h4>
        <div class="rule-details"><br />The exact implications depend upon the nature of the files an attacker would be able to upload.  Implications range from unauthorized content publishing to aid in phishing attacks, all the way to full compromise of the web server.</div>
        <h4>Recommendation</h4>
        <div class="rule-details"><br /><b>For Security Operations:</b><br />This check is part of unknown application testing.  Unknown application testing seeks to uncover new vulnerabilities in both custom and commercial software.  Because of this, there are no specific patches or descriptions for this issue. If there is no apparent file upload capability on the page, this check may be safely ignored.  You can instruct the scanner to ignore this vulnerability by right-clicking the vulnerability node on the displayed results tree and clicking "Ignore Vulnerability."

<br /><br /><b>For QA:</b><br />This issue will need to be resolved in the production code. Notify the appropriate developer of this issue. 

<br /><br /><b>For Development:</b><br />Ensure that the following steps are taken to sanitize the file being received:<br /><br /><ul><li>Limit the types of files that can be uploaded.  For instance, on an image upload page, any file other than a .jpg should be refused.</li><li>Ensure that the web user has no control whatsoever over the name and location of the uploaded file on the server. </li><li>Never use the name that the user assigns it.  </li><li>Never derive the filename from the web user's username or session ID. </li><li>Do not place the file in a directory accessible by web users.  It is preferable for this location to be outside of the webroot.</li><li>Ensure that strict permissions are set on both the uploaded file and the directory it is located in.</li><li>Do not allow execute permissions on uploaded files.  If possible, deny all permission for all users but the web application user.</li><li>Verify that the uploaded file contains appropriate content.  For instance, an uploaded JPEG should have a standard JPEG file header.</li></ul></div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">Often Misused: File Upload</span>
        <span class="pull-right text-severity-low">Low</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#cf321a717cda44d6b07e7ba9bece4e2c">ID 34530894</a>  - https:​/​/www​.dashanqy​.com:443​/jobjoin​.aspx</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>


                    <h5>Notes</h5>
                    <pre>The following URLs were rolled into this vulnerability and are also applicable:


https://www.dashanqy.com/joinform.aspx

</pre>

            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>
    <h3>
            <a name="SystemInformationLeakExternal"></a>
        <span>5.2.7</span>
        <span>System Information Leak: External</span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
    <div></div>
    <div>OWASP Top 10: </div>
    <div>PCI 3.2: </div>
    <h4>Summary</h4>
    <div class="rule-details">The server discloses server version information in the response.<br/></div>
        <h4>Explanation</h4>
        <div class="rule-details">Exact version information provided to an attacker assists in the exploitation of vulnerable software packages.<br/><br/>Additionally, server information may be cached and easily searchable in public databases such as Shodan, increasing the likelihood of exploitation in the event a vulnerability is discovered in the affected package.</div>
        <h4>Execution</h4>
        <div class="rule-details">Browse the affected site through an interception proxy. View the server responses.</div>
        <h4>Recommendation</h4>
        <div class="rule-details">Server responses should not reveal the specific version of the service that is running or return any versioning within the response.<br/><br/>Consult server-specific documentation to determine the correct approach for obscuring this information.</div>
        <h4>References</h4>
        <div class="rule-details"><p><a href="http://www.if-not-true-then-false.com/2009/howto-hide-and-modify-apache-server-information-serversignature-and-servertokens-and-hide-php-version-x-powered-by/">Hide Apache ServerSignature/ServerTokens/PHP X-Powered-By</a></p><br/><p><a href="http://www.4guysfromrolla.com/articles/120209-1.aspx">Removing Unnecessary HTTP Headers in IIS and ASP.NET</a></p><br/><p><a href="https://www.owasp.org/index.php/Information_Leakage">OWASP Information Leakage</a></p></div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">System Information Leak: External</span>
        <span class="pull-right text-severity-low">Low</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#b32c00c61bfc43178e97cc7c7b0887d5">ID 34531726</a>  - https:​/​/www​.dashanqy​.com​/%3c</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>



            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>



<h2>Request and Response</h2>
<span id="request-response" data-bookmark-enabled="true" data-bookmark-level="1" data-bookmark-text="6. Dynamic Request &amp; Response"></span>

<p>Below is an enumeration of all dynamic issues with their request and response sections.</p>

    <h3>
        <span>6.1.1</span>
        <span>
                <a href="#CodeCorrectnessUntestedFunctionality">Code Correctness: Untested Functionality</a>
        </span>
        <span class="pull-right text-severity-medium">Medium</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="d3dd2e2673204486aebedb801e25f442"></a>
            ID 59395286 - https://www.dashanqy.com/login.aspx
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /login.aspx HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.dashanqy.com</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Upgrade-Insecure-Requests:</span><span class='HeaderValue'> 1</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;</span></div>
<div class='line'><span class='HeaderValue'>q=0.8</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>Accept-Language:</span><span class='HeaderValue'> en-US,en;q=0.9</span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> ASP.NET_SessionId=zewd10kwg2w5knbytr2modpw; TS016d37e8=01851f6ed5651531a423c44f6f6dc6321d9e41933be25d94e3ff51520d0db2b2aed6f</span></div>
<div class='line'><span class='HeaderValue'>c28cbdf1a44426dacabb99c5efe88fc977e4f7c79de4fb4cb1d67a64560510ec17f554046fa57622</span></div>
<div class='line'><span class='HeaderValue'>07a2a69b0a1822f6ba1c0</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 200 OK</span></div>
<div class='line'><span class='HeaderName'>Cache-Control:</span><span class='HeaderValue'> private</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> text/html; charset=utf-8</span></div>
<div class='line'><span class='HeaderName'>Vary:</span><span class='HeaderValue'> Accept-Encoding</span></div>
<div class='line'><span class='HeaderName'>Set-Cookie:</span><span class='HeaderValue'> token=; expires=Sun, 08-Apr-2018 18:50:50 GMT; path=/; secure; HttpOnly</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>X-Frame-Options:</span><span class='HeaderValue'> SAMEORIGIN</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Mon, 09 Apr 2018 18:50:50 GMT</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 6680</span></div>
<div class='line'><span class='HeaderName'>Set-Cookie:</span><span class='HeaderValue'> TS016d37e8=01851f6ed5651531a423c44f6f6dc6321d9e41933be25d94e3ff51520d0db2b2aed6f</span></div>
<div class='line'><span class='HeaderValue'>c28cbdf1a44426dacabb99c5efe88fc977e4f7c79de4fb4cb1d67a64560510ec17f554046fa57622</span></div>
<div class='line'><span class='HeaderValue'>07a2a69b0a1822f6ba1c0; Path=/</span></div>
<div class='line'>&nbsp; </div>
<div class='line'>&nbsp; </div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"></span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>html</span><span class='default'> </span><span class='AttrName'>xmlns</span><span class='default'>=</span><span class='AttrValue'>"http://www.w3.org/1999/xhtml"</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>head</span><span class='default'>>&lt;</span><span class='ElementName'>title</span><span class='default'>></span></div>
<div class='line'><span class='default'>	å¤§å±±äºåå±±æ³å®ç½ç®¡çåå°</span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>/title</span><span class='default'>>&lt;</span><span class='ElementName'>link</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"css/login.css"</span><span class='default'> </span><span class='AttrName'>rel</span><span class='default'>=</span><span class='AttrValue'>"stylesheet"</span><span class='default'> </span><span class='AttrName'>type</span><span class='default'>=</span><span class='AttrValue'>"text/css"</span><span class='default'> /></span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>script</span><span class='default'> </span><span class='AttrName'>src</span><span class='default'>=</span><span class='AttrValue'>"js/jquery.min.js"</span><span class='default'> </span><span class='AttrName'>type</span><span class='default'>=</span><span class='AttrValue'>"text/javascript"</span><span class='default'>>&lt;</span><span class='ElementName'>/script</span><span class='default'>></span></div>
<div class='line'><span class='default'>    &lt;meta http-equiv="X-Frame-Options" content="deny" />&lt;meta http-equiv="windows-Target" contect="_top" /></span></div>
<div class='line'><span class='default'>    &lt;style></span></div>
<div class='line'><span class='default'>        .formdiv {</span></div>
<div class='line'><span class='default'>            width: 310px;</span></div>
<div class='line'><span class='default'>            height: 330px;</span></div>
<div class='line'><span class='default'>            margin-top: 141px;</span></div>
<div class='line'><span class='default'>            margin-left: 66px;</span></div>
<div class='line'><span class='default'>            float: left;</span></div>
<div class='line'><span class='default'>            text-align: left;</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>            .formdiv p {</span></div>
<div class='line'><span class='default'>                width: 99%;</span></div>
<div class='line'><span class='default'>                height: 62px;</span></div>
<div class='line'><span class='default'>                line-height: 57px;</span></div>
<div class='line'><span class='default'>            }</span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>            .formdiv input {</span></div>
<div class='line'><span class='default'>                height: 38px;</span></div>
<div class='line'><span class='default'>                margin-top: 6px;</span></div>
<div class='line'><span class='default'>                font-size: 20px;</span></div>
<div class='line'><span class='default'>            }</span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>            .formdiv #CheckBox1 {</span></div>
<div class='line'><span class='default'>                width: 32px;</span></div>
<div class='line'><span class='default'>                margin-top: 8px;</span></div>
<div class='line'><span class='default'>                background-image: url(images/sel.png);</span></div>
<div class='line'><span class='default'>            }</span></div>
<div class='line'><span class='default'>    &lt;/style></span></div>
<div class='line'><span class='default'>&lt;/head></span></div>
<div class='line'><span class='default'>&lt;body></span></div>
<div class='line'><span class='default'>    &lt;form method="post" action="./login.aspx" id="form1"></span></div>
<div class='line'><span class='default'>&lt;div class="aspNetHidden"></span></div>
<div class='line'><span class='default'>&lt;input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE0MzUzNDU0MjdkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCB</span></div>
<div class='line'><span class='default'>QlCVE5fTG9naW4FCUNoZWNrQm94MfDjyfpLwCVWSrY2VcaSaLR5OVXc" /></span></div>
<div class='line'><span class='default'>&lt;/div></span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>&lt;div class="aspNetHidden"></span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>	&lt;input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="C2EE9ABB" /></span></div>
<div class='line'><span class='default'>&lt;/div></span></div>
<div class='line'><span class='default'>        &lt;div style="width: 100%; height: 676px; background: url(images/bj.jpg); background-repeat: repeat-x;"></span></div>
<div class='line'><span class='default'>            &lt;div style="margin: 0 auto; width: 1157px; height: 676px; background: url(images/login_bj.jpg); background-repeat: no-repeat; text-align: center;"></span></div>
<div class='line'><span class='default'>                &lt;div style="padding-top: 71px;"></span></div>
<div class='line'><span class='default'>                    &lt;img src="images/login_txt.png"></span></div>
<div class='line'><span class='default'>                &lt;/div></span></div>
<div class='line'><span class='default'>                &lt;div style="width: 1157px; height: 320px;"></span></div>
<div class='line'><span class='default'>                    &lt;div style="width: 591px; height: 173px; margin-top: 169px; float: left;"></span></div>
<div class='line'><span class='default'>                        &lt;img src="images/logo.png"></span></div>
<div class='line'><span class='default'>                    &lt;/div></span></div>
<div class='line'><span class='default'>                    &lt;div class="formdiv"></span></div>
<div class='line'><span class='default'>                        &lt;p></span></div>
<div class='line'><span class='default'>                            &lt;input name="TextBox_UserName" type="text" id="TextBox_UserName" autocomplete="off" style="width:293px;" /></span></div>
<div class='line'><span class='default'>                        &lt;/p></span></div>
<div class='line'><span class='default'>                        &lt;p></span></div>
<div class='line'><span class='default'>                            &lt;input name="TextBox_Password" type="password" id="TextBox_Password" autocomplete="off" style="width:293px;" /></span></div>
<div class='line'><span class='default'>                        &lt;/p></span></div>
<div class='line'><span class='default'>                        &lt;p></span></div>
<div class='line'><span class='default'>                            &lt;input name="validateCode" type="text" id="validateCode" style="width:160px;" /></span></div>
<div class='line'><span class='default'>                            &lt;span style="margin-left: 17px;"></span></div>
<div class='line'><span class='default'>                                &lt;script type="text/javascript"></span><span class='JSComment'>/*&lt;![CDATA[*/</span></div>
<div class='line'><span class='default'>                                    document.write('&lt;a href="#" onclick="document.getElementById(\'ImgPic\').src=\'ValidateImg.aspx?temp=\'+ (</span><span class='JSKeyword'>new</span><span class='default'> Date().getTime().toString(36)); </span><span class='JSKeyword'>return</span><span class='default'> false">&lt;img id="ImgPic" border="0" alt="如看不到图片，请点击刷新" src="ValidateImg.aspx?temp=' + (</span><span class='JSKeyword'>new</span><span class='default'> Date().getTime().toString(36)) + '" width="36%" />&lt;/a>');</span></div>
<div class='line'><span class='default'>                                    </span><span class='JSComment'>/*]]>*/</span><span class='default'>&lt;/script></span></div>
<div class='line'><span class='default'>                            &lt;</span><span class='ElementName'>/span</span><span class='default'>></span></div>
<div class='line'><span class='default'>                        &lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>                        &lt;</span><span class='ElementName'>p</span><span class='default'>></span></div>
<div class='line'><span class='default'>                            &lt;</span><span class='ElementName'>img</span><span class='default'> </span><span class='AttrName'>src</span><span class='default'>=</span><span class='AttrValue'>"images/sel.png"</span><span class='default'> </span><span class='AttrName'>id</span><span class='default'>=</span><span class='AttrValue'>"showsel"</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"margin-top: 20px;"</span><span class='default'> </span><span class='AttrName'>alt</span><span class='default'>=</span><span class='AttrValue'>""</span><span class='default'> /></span></div>
<div class='line'><span class='default'>                        &lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>                        &lt;</span><span class='ElementName'>p</span><span class='default'>></span></div>
<div class='line'><span class='default'>                            &lt;</span><span class='ElementName'>input</span><span class='default'> </span><span class='AttrName'>type</span><span class='default'>=</span><span class='AttrValue'>"image"</span><span class='default'> </span><span class='AttrName'>name</span><span class='default'>=</span><span class='AttrValue'>"BTN_Login"</span><span class='default'> </span><span class='AttrName'>id</span><span class='default'>=</span><span class='AttrValue'>"BTN_Login"</span><span class='default'> </span><span class='AttrName'>src</span><span class='default'>=</span><span class='AttrValue'>"images/loginbtn.png"</span><span class='default'> /></span></div>
<div class='line'><span class='default'>                            &lt;</span><span class='ElementName'>span</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"display:none"</span><span class='default'>></span><span class='Text'>debug</span><span class='default'>&lt;</span><span class='ElementName'>/span</span><span class='default'>></span></div>
<div class='line'><span class='default'>                        &lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>                        &lt;</span><span class='ElementName'>p</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"margin-top: -30px; _margin-top: -15px"</span><span class='default'>></span></div>
<div class='line'><span class='default'>                            &lt;</span><span class='ElementName'>span</span><span class='default'> </span><span class='AttrName'>id</span><span class='default'>=</span><span class='AttrValue'>"L1"</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"color:Red;font-size:12px;"</span><span class='default'>>&lt;</span><span class='ElementName'>/span</span><span class='default'>></span></div>
<div class='line'><span class='default'>                        &lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>                    &lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>                    &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>id</span><span class='default'>=</span><span class='AttrValue'>"checkdiv"</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"display: none;"</span><span class='default'>></span></div>
<div class='line'><span class='default'>                        &lt;</span><span class='ElementName'>span</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"font-size:12px;"</span><span class='default'>>&lt;</span><span class='ElementName'>input</span><span class='default'> </span><span class='AttrName'>id</span><span class='default'>=</span><span class='AttrValue'>"CheckBox1"</span><span class='default'> </span><span class='AttrName'>type</span><span class='default'>=</span><span class='AttrValue'>"checkbox"</span><span class='default'> </span><span class='AttrName'>name</span><span class='default'>=</span><span class='AttrValue'>"CheckBox1"</span><span class='default'> />&lt;</span><span class='ElementName'>/span</span><span class='default'>>&lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>                &lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>        &lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>/form</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>/body</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>/html</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>script</span><span class='default'> </span><span class='AttrName'>language</span><span class='default'>=</span><span class='AttrValue'>"JavaScript"</span><span class='default'>></span></div>
<div class='line'><span class='default'>    $("#showsel").bind("click", </span><span class='JSKeyword'>function</span><span class='default'> () {</span></div>
<div class='line'><span class='default'>        </span><span class='JSKeyword'>if</span><span class='default'> ($(</span><span class='JSKeyword'>this</span><span class='default'>).attr("src") == "images/sel.png") {</span></div>
<div class='line'><span class='default'>            $("#CheckBox1").attr("checked", </span><span class='JSKeyword'>false</span><span class='default'>);</span></div>
<div class='line'><span class='default'>            $(</span><span class='JSKeyword'>this</span><span class='default'>).attr("src", "images/nosel.png");</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'>        </span><span class='JSKeyword'>else</span><span class='default'> {</span></div>
<div class='line'><span class='default'>            $("#CheckBox1").attr("checked", </span><span class='JSKeyword'>true</span><span class='default'>);</span></div>
<div class='line'><span class='default'>            $(</span><span class='JSKeyword'>this</span><span class='default'>).attr("src", "images/sel.png");</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'>    })</span></div>
<div class='line'><span class='default'>    </span><span class='JSKeyword'>function</span><span class='default'> correctPNG() {</span></div>
<div class='line'><span class='default'>        </span><span class='JSKeyword'>var</span><span class='default'> arVersion = navigator.appVersion.split("MSIE")</span></div>
<div class='line'><span class='default'>        </span><span class='JSKeyword'>var</span><span class='default'> version = parseFloat(arVersion[1])</span></div>
<div class='line'><span class='default'>        </span><span class='JSKeyword'>if</span><span class='default'> ((version >= 5.5) && (document.body.filters)) {</span></div>
<div class='line'><span class='default'>            </span><span class='JSKeyword'>for</span><span class='default'> (</span><span class='JSKeyword'>var</span><span class='default'> j = 0; j &lt; document.images.length; j++) {</span></div>
<div class='line'><span class='default'>                </span><span class='JSKeyword'>var</span><span class='default'> img = document.images[j]</span></div>
<div class='line'><span class='default'>                </span><span class='JSKeyword'>var</span><span class='default'> imgName = img.src.toUpperCase()</span></div>
<div class='line'><span class='default'>                </span><span class='JSKeyword'>if</span><span class='default'> (imgName.substring(imgName.length - 3, imgName.length) == "PNG") {</span></div>
<div class='line'><span class='default'>                    </span><span class='JSKeyword'>var</span><span class='default'> imgID = (img.id) ? "id='" + img.id + "' " : ""</span></div>
<div class='line'><span class='default'>                    </span><span class='JSKeyword'>var</span><span class='default'> imgClass = (img.className) ? "class='" + img.className + "' " : ""</span></div>
<div class='line'><span class='default'>                    </span><span class='JSKeyword'>var</span><span class='default'> imgTitle = (img.title) ? "title='" + img.title + "' " : "title='" + img.alt + "' "</span></div>
<div class='line'><span class='default'>                    </span><span class='JSKeyword'>var</span><span class='default'> imgStyle = "display:inline-block;" + img.style.cssText</span></div>
<div class='line'><span class='default'>                    </span><span class='JSKeyword'>if</span><span class='default'> (img.align == "left") imgStyle = "float:left;" + imgStyle</span></div>
<div class='line'><span class='default'>                    </span><span class='JSKeyword'>if</span><span class='default'> (img.align == "right") imgStyle = "float:right;" + imgStyle</span></div>
<div class='line'><span class='default'>                    </span><span class='JSKeyword'>if</span><span class='default'> (img.parentElement.href) imgStyle = "cursor:hand;" + imgStyle</span></div>
<div class='line'><span class='default'>                    </span><span class='JSKeyword'>var</span><span class='default'> strNewHTML = "&lt;span " + imgID + imgClass + imgTitle</span></div>
<div class='line'><span class='default'>             + " style=\"" + "width:" + img.width + "px; height:" + img.height + "px;" + imgStyle + ";"</span></div>
<div class='line'><span class='default'>             + "filter:progid:DXImageTransform.Microsoft.AlphaImageLoader"</span></div>
<div class='line'><span class='default'>             + "(src=\'" + img.src + "\', sizingMethod='scale');\">&lt;/span>"</span></div>
<div class='line'><span class='default'>                    img.outerHTML = strNewHTML</span></div>
<div class='line'><span class='default'>                    j = j - 1</span></div>
<div class='line'><span class='default'>                }</span></div>
<div class='line'><span class='default'>            }</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'>    }</span></div>
<div class='line'><span class='default'>&lt;/script></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>script</span><span class='default'>></span></div>
<div class='line'><span class='default'>    (function (window) {</span></div>
<div class='line'><span class='default'>        if (window.location !== window.top.location)</span></div>
<div class='line'><span class='default'>            window.top.</span><span class='AttrName'>location</span><span class='default'> = </span><span class='AttrValue'>window.location</span><span class='default'>;</span></div>
<div class='line'><span class='default'>    })(this);</span></div>
<div class='line'><span class='default'>    if (this.top.location !== this.location && (this.top.</span><span class='AttrName'>location</span><span class='default'> = </span><span class='AttrValue'>this.location</span><span class='default'>)) {</span></div>
<div class='line'><span class='default'>        window.top.</span><span class='AttrName'>location</span><span class='default'> = </span><span class='AttrValue'>window.location</span><span class='default'>;</span></div>
<div class='line'><span class='default'>    }</span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>/script</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>style</span><span class='default'>></span></div>
<div class='line'><span class='default'>    html {</span></div>
<div class='line'><span class='default'>        visibility: hidden;</span></div>
<div class='line'><span class='default'>    }</span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>/style</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>script</span><span class='default'>></span></div>
<div class='line'><span class='default'>    if (self == top) {</span></div>
<div class='line'><span class='default'>        document.documentElement.style.</span><span class='AttrName'>visibility</span><span class='default'> = </span><span class='AttrValue'>'visible'</span><span class='default'>;</span></div>
<div class='line'><span class='default'>    } else {</span></div>
<div class='line'><span class='default'>        top.</span><span class='AttrName'>location</span><span class='default'> = </span><span class='AttrValue'>self.location</span><span class='default'>;</span></div>
<div class='line'><span class='default'>    }</span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>/script</span><span class='default'>></span></div>

        </div>
        <div class="page-break"></div>
    <h3>
        <span>6.1.2</span>
        <span>
                <a href="#InsecureDeploymentUnpatchedApplication">Insecure Deployment: Unpatched Application</a>
        </span>
        <span class="pull-right text-severity-medium">Medium</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="792a55b7196b49678cc55246151ff510"></a>
            ID 38054911 - https://www.dashanqy.com/%3c
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /%3c HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.dashanqy.com</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Upgrade-Insecure-Requests:</span><span class='HeaderValue'> 1</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;</span></div>
<div class='line'><span class='HeaderValue'>q=0.8</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>Accept-Language:</span><span class='HeaderValue'> en-US,en;q=0.9</span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> ASP.NET_SessionId=uwflf5f2apq1utt5inzr0i5y; vc=sJDSy5ukXh0%3d; TS016d37e8=01851f6ed545336db65f5ca87bcc05abb7fe3c7912a47dacfc09b58dd9120bb116b13</span></div>
<div class='line'><span class='HeaderValue'>d5dbb6cba3e3c7fbe348e10de7956d35a371157624d9bd6310e4a9e7d02ba1563d4097f5df82f5ae</span></div>
<div class='line'><span class='HeaderValue'>ae8ece4cd4f82c4ce53a6</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 400 Bad Request</span></div>
<div class='line'><span class='HeaderName'>Cache-Control:</span><span class='HeaderValue'> private</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> text/html; charset=utf-8</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>X-Frame-Options:</span><span class='HeaderValue'> SAMEORIGIN</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Mon, 09 Apr 2018 01:15:30 GMT</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 3809</span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>&lt;!DOCTYPE html></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>html</span><span class='default'>></span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>head</span><span class='default'>></span></div>
<div class='line'><span class='default'>        &lt;</span><span class='ElementName'>title</span><span class='default'>></span><span class='Text'>A potentially dangerous Request.Path value was detected from the client (&lt;).</span><span class='default'>&lt;</span><span class='ElementName'>/title</span><span class='default'>></span></div>
<div class='line'><span class='default'>        &lt;</span><span class='ElementName'>meta</span><span class='default'> </span><span class='AttrName'>name</span><span class='default'>=</span><span class='AttrValue'>"viewport"</span><span class='default'> </span><span class='AttrName'>content</span><span class='default'>=</span><span class='AttrValue'>"width=device-width"</span><span class='default'> /></span></div>
<div class='line'><span class='default'>        &lt;</span><span class='ElementName'>style</span><span class='default'>></span></div>
<div class='line'><span class='default'>         body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;} </span></div>
<div class='line'><span class='default'>         p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}</span></div>
<div class='line'><span class='default'>         b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}</span></div>
<div class='line'><span class='default'>         H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }</span></div>
<div class='line'><span class='default'>         H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }</span></div>
<div class='line'><span class='default'>         pre {font-family:"Consolas","Lucida Console",Monospace;font-size:11pt;margin:0;padding:0.5em;line-height:14pt}</span></div>
<div class='line'><span class='default'>         .marker {font-weight: bold; color: black;text-decoration: none;}</span></div>
<div class='line'><span class='default'>         .version {color: gray;}</span></div>
<div class='line'><span class='default'>         .error {margin-bottom: 10px;}</span></div>
<div class='line'><span class='default'>         .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }</span></div>
<div class='line'><span class='default'>         @media screen and (max-width: 639px) {</span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='StartAtLine'> ... Starting at line 80 ... </span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>br</span><span class='default'>></span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>hr</span><span class='default'> </span><span class='AttrName'>width</span><span class='default'>=</span><span class='AttrValue'>100%</span><span class='default'> </span><span class='AttrName'>size</span><span class='default'>=</span><span class='AttrValue'>1</span><span class='default'> </span><span class='AttrName'>color</span><span class='default'>=</span><span class='AttrValue'>silver</span><span class='default'>></span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>            </span><span class='AttackSelection'>&lt;b>Version Information:&lt;/b>&nbsp;Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.36393</span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>/font</span><span class='default'>></span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>/body</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>/html</span><span class='default'>></span></div>

        </div>
        <div class="page-break"></div>
        <div class="block-header bg-primary">
                <a name="7f7202d6ea254a81b64f2550c4848f37"></a>
            ID 43433784 - https://www.dashanqy.com/manage/js/jquery.min.js
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /manage/js/jquery.min.js HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.dashanqy.com</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Upgrade-Insecure-Requests:</span><span class='HeaderValue'> 1</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;</span></div>
<div class='line'><span class='HeaderValue'>q=0.8</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>Accept-Language:</span><span class='HeaderValue'> en-US,en;q=0.9</span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> ASP.NET_SessionId=uwflf5f2apq1utt5inzr0i5y; TS016d37e8=01851f6ed5962d9da0fca906b73154f7115c8d0842927a45143768527b2a0f0aefc54</span></div>
<div class='line'><span class='HeaderValue'>ddbc2588a4c9cb1e0ae06bf7d7b3fb8a283f7</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 200 OK</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> application/javascript</span></div>
<div class='line'><span class='HeaderName'>Last-Modified:</span><span class='HeaderValue'> Thu, 08 Feb 2018 11:22:54 GMT</span></div>
<div class='line'><span class='HeaderName'>Accept-Ranges:</span><span class='HeaderValue'> bytes</span></div>
<div class='line'><span class='HeaderName'>ETag:</span><span class='HeaderValue'> "03b9229cfa0d31:0"</span></div>
<div class='line'><span class='HeaderName'>Vary:</span><span class='HeaderValue'> Accept-Encoding</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>X-Frame-Options:</span><span class='HeaderValue'> SAMEORIGIN</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Mon, 09 Apr 2018 01:01:40 GMT</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 93583</span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>if(t in e)return t}return r}function Gt(e,t){return </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>t</span><span class='default'>||e,v.css(e,"display")==="none"||!v.contains(e.ownerDocument,e)}function Yt(e,t){var n,r,i=[],</span><span class='AttrName'>s</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>,</span><span class='AttrName'>o</span><span class='default'>=</span><span class='AttrValue'>e.length</span><span class='default'>;for(;s&lt;</span><span class='ElementName'>o</span><span class='default'>;s++){</span><span class='AttrName'>n</span><span class='default'>=</span><span class='AttrValue'>e</span><span class='default'>[s];if(!n.style)continue;i[s]=v.</span></div>
<div class='line'><span class='default'>_data(n,"olddisplay"),t?(!i[s]&&n.style.display==="none"&&(n.style.</span><span class='AttrName'>display</span><span class='default'>=</span><span class='AttrValue'>""</span><span class='default'>),n</span></div>
<div class='line'><span class='default'>.style.display===""&&Gt(n)&&(i[s]=v._data(n,"olddisplay",nn(n.nodeName)))):</span></div>
<div class='line'><span class='default'>(</span><span class='AttrName'>r</span><span class='default'>=</span><span class='AttrValue'>Dt</span><span class='default'>(n,"display"),!i[s]&&r!=="none"&&v._data(n,"olddisplay",r))}for(</span><span class='AttrName'>s</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>;</span><span class='AttrValue'><br /></span></div>
<div class='line'><span class='default'>s&lt;</span><span class='ElementName'>o</span><span class='default'>;s++){</span><span class='AttrName'>n</span><span class='default'>=</span><span class='AttrValue'>e</span><span class='default'>[s];if(!n.style)continue;if(!t||n.style.display==="none"||n.</span></div>
<div class='line'><span class='default'>style.display==="")n.style.</span><span class='AttrName'>display</span><span class='default'>=</span><span class='AttrValue'>t</span><span class='default'>?i[s]||"":"none"}return e}function Zt(e,t,n){var </span><span class='AttrName'>r</span><span class='default'>=</span><span class='AttrValue'>Rt.exec</span><span class='default'>(t);return r?Math.max(0,r[1]-(n||0))+(r[2]||"px"):t}function en(e,t,n,r){var </span><span class='AttrName'>i</span><span class='default'>=</span><span class='AttrValue'>n</span><span class='default'>===(r?"border":"content")?4:t==="width"?1:0,</span><span class='AttrName'>s</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>;for(;i&lt;</span><span class='ElementName'>4</span><span class='default'>;i+=2)n==="margin"&</span></div>
<div class='line'><span class='default'>&(s+=v.css(e,n+$t[i],!0)),r?(n==="content"&&(s-=parseFloat(Dt(e,"padding"+$t[i])</span></div>
<div class='line'><span class='default'>)||0),n!=="margin"&&(s-=parseFloat(Dt(e,"border"+$t[i]+"Width"))||0)):</span></div>
<div class='line'><span class='default'>(s+=parseFloat(Dt(e,"padding"+$t[i]))||0,n!=="padding"&&(s+=parseFloat(Dt(e,"bor</span></div>
<div class='line'><span class='default'>der"+$t[i]+"Width"))||0));return s}function tn(e,t,n){var </span><span class='AttrName'>r</span><span class='default'>=</span><span class='AttrValue'>t</span><span class='default'>==="width"?e.offsetWidth:e.offsetHeight,i=!0,</span><span class='AttrName'>s</span><span class='default'>=</span><span class='AttrValue'>v.support.boxSizing</span><span class='default'>&</span><span class='AttrValue'><br /></span></div>
<div class='line'><span class='default'>&v.css(e,"boxSizing")==="border-box";if(r&lt;=0||r==null){</span><span class='AttrName'>r</span><span class='default'>=</span><span class='AttrValue'>Dt</span><span class='default'>(e,t);if(r&lt;</span></div>
<div class='line'><span class='ElementName'>0</span><span class='default'>||r==null)</span><span class='AttrName'>r</span><span class='default'>=</span><span class='AttrValue'>e.style</span><span class='default'>[t];if(Ut.test(r))return r;</span><span class='AttrName'>i</span><span class='default'>=</span><span class='AttrValue'>s</span><span class='default'>&&(v.support.boxSizingReliable||r===e.style[t]),</span><span class='AttrName'>r</span><span class='default'>=</span><span class='AttrValue'>parseFloat</span><span class='default'>(r)||0}return r+en(e,t,n||(s?"border":"content"),i)+"px"}function nn(e){if(Wt[e])return Wt[e];var </span><span class='AttrName'>t</span><span class='default'>=</span><span class='AttrValue'>v</span><span class='default'>("&lt;"+e+"></span><span class='Text'>").appendTo(i.body),n=t.css("display");t.remove();if(n==="none"||n==</span></div>
<div class='line'><span class='Text'>=""){Pt=i.body.appendChild(Pt||v.extend(i.createElement("iframe"),{frameBorder:</span></div>
<div class='line'><span class='Text'>0,width:0,height:0}));if(!Ht||!Pt.createElement)Ht=(Pt.contentWindow||Pt.</span></div>
<div class='line'><span class='Text'>contentDocument).document,Ht.write("</span><span class='default'>&lt;!doctype html>&lt;</span><span class='ElementName'>html</span><span class='default'>>&lt;</span><span class='ElementName'>body</span><span class='default'>></span><span class='Text'>"),Ht.close();t=Ht.body.appendChild(Ht.createElement(e)),n=Dt(t</span></div>
<div class='line'><span class='Text'>,"display"),i.body.removeChild(Pt)}return Wt[e]=n,n}function fn(e,t,n,r){var i;if(v.isArray(t))v.each(t,function(t,i){n||sn.test(e)?r(e,i):fn(e+"["+(typeof i=="object"?t:"")+"]",i,n,r)});else if(!n&&v.type(t)==="object")for(i in t)fn(e+"["+i+"]",t[i],n,r);else r(e,t)}function Cn(e){return function(t,n){typeof t!="string"&&(n=t,t="*");var r,i,s,o=t.toLowerCase().split(y),u=0,a=o.length;if(v.isFunction(n))for(;</span></div>
<div class='line'><span class='Text'>u</span><span class='default'>&lt;</span><span class='ElementName'>a</span><span class='default'>;u++)</span><span class='AttrName'>r</span><span class='default'>=</span><span class='AttrValue'>o</span><span class='default'>[u],s=/^\+/.test(r),s&&(</span><span class='AttrName'>r</span><span class='default'>=</span><span class='AttrValue'>r.substr</span><span class='default'>(1)||"*"),</span><span class='AttrName'>i</span><span class='default'>=</span><span class='AttrValue'>e</span><span class='default'>[r]=e[r]||[],i[s?"unsh</span></div>
<div class='line'><span class='default'>ift":"push"](n)}}function kn(e,n,r,i,s,o){</span><span class='AttrName'>s</span><span class='default'>=</span><span class='AttrValue'>s</span><span class='default'>||n.dataTypes[0],</span><span class='AttrName'>o</span><span class='default'>=</span><span class='AttrValue'>o</span><span class='default'>||{},o[s]=!0;var u,</span><span class='AttrName'>a</span><span class='default'>=</span><span class='AttrValue'>e</span><span class='default'>[s],</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>,</span><span class='AttrName'>l</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>?a.length:0,</span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>e</span><span class='default'>===Sn;for(;f&lt;</span><span class='ElementName'>l</span><span class='default'>&&(c||!u);f++)</span><span class='AttrName'>u</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>[f](n,r,i),typeof u=="string"&&(!c||o[u]?</span><span class='AttrName'>u</span><span class='default'>=</span><span class='AttrValue'>t</span><span class='default'>:(n.dataTypes.unshift(u),</span><span class='AttrName'>u</span><span class='default'>=</span><span class='AttrValue'>kn</span><span class='default'>(e,n,r,i,u,o)));</span></div>
<div class='line'><span class='default'>return(c||!u)&&!o["*"]&&(</span><span class='AttrName'>u</span><span class='default'>=</span><span class='AttrValue'>kn</span><span class='default'>(e,n,r,i,"*",o)),u}function Ln(e,n){var r,i,</span><span class='AttrName'>s</span><span class='default'>=</span><span class='AttrValue'>v.ajaxSettings.flatOptions</span><span class='default'>||{};for(r in n)n[r]!==t&&((s[r]?e:i||(i={}))[r]=n[r]);i&&v.extend(!0,e,i)}function An(e,n,r){var i,s,o,u,</span><span class='AttrName'>a</span><span class='default'>=</span><span class='AttrValue'>e.contents</span><span class='default'>,</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>e.dataTypes</span><span class='default'>,</span><span class='AttrName'>l</span><span class='default'>=</span><span class='AttrValue'>e.responseFields</span><span class='default'>;for(s in l)s in r&&(n[l[s]]=r[s]);while(f[0]==="*")f.shift(),i===t&&(</span><span class='AttrName'>i</span><span class='default'>=</span><span class='AttrValue'>e.mimeType</span><span class='default'>||n.getResponse</span></div>
<div class='line'><span class='default'>Header("content-type"));if(i)for(s in a)if(a[s]&&a[s].test(i)){f.unshift(s);break}if(f[0]in r)</span><span class='AttrName'>o</span><span class='default'>=</span><span class='AttrValue'>f</span><span class='default'>[0];else{for(s in r){if(!f[0]||e.converters[s+" "+f[0]]){</span><span class='AttrName'>o</span><span class='default'>=</span><span class='AttrValue'>s</span><span class='default'>;break}u||(</span><span class='AttrName'>u</span><span class='default'>=</span><span class='AttrValue'>s</span><span class='default'>)}</span><span class='AttrName'>o</span><span class='default'>=</span><span class='AttrValue'>o</span><span class='default'>||u}if(o)return o!==f[0]&&f.unshift(o),r[o]}function On(e,t){var n,r,i,s,</span><span class='AttrName'>o</span><span class='default'>=</span><span class='AttrValue'>e.dataTypes.slice</span><span class='default'>(),</span><span class='AttrName'>u</span><span class='default'>=</span><span class='AttrValue'>o</span><span class='default'>[0],a={},</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>;e.dataFilter&&(</span><span class='AttrName'>t</span><span class='default'>=</span><span class='AttrValue'>e.dataFilter</span><span class='default'>(t,e.</span></div>
<div class='line'><span class='default'>dataType));if(o[1])for(n in e.converters)a[n.toLowerCase()]=e.converters[n];for(;</span><span class='AttrName'>i</span><span class='default'>=</span><span class='AttrValue'>o</span><span class='default'>[++f];)if(i!=="*"){if(u!</span></div>
<div class='line'><span class='default'>=="*"&&u!==i){</span><span class='AttrName'>n</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>[u+" "+i]||a["* "+i];if(!n)for(r in a){</span><span class='AttrName'>s</span><span class='default'>=</span><span class='AttrValue'>r.split</span><span class='default'>(" ");if(s[1]===i){</span><span class='AttrName'>n</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>[u+" "+s[0]]||a["* "+s[0]];if(n){n===!0?</span><span class='AttrName'>n</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>[r]:a[r]!==!0&&(</span><span class='AttrName'>i</span><span class='default'>=</span><span class='AttrValue'>s</span><span class='default'>[0],o.splice(f--,0,i));break}}}if(n!=</span></div>
<div class='line'><span class='default'>=!0)if(n&&e["throws"])</span><span class='AttrName'>t</span><span class='default'>=</span><span class='AttrValue'>n</span><span class='default'>(t);else try{</span><span class='AttrName'>t</span><span class='default'>=</span><span class='AttrValue'>n</span><span class='default'>(t)}catch(l){return{state:"parsererror",error:n?l:"No conversion from "+u+" to "+i}}}</span><span class='AttrName'>u</span><span class='default'>=</span><span class='AttrValue'>i</span><span class='default'>}return{state:"success",data:t}}function Fn(){try{return new e.XMLHttpRequest}catch(t){}}function In(){try{return new e.ActiveXObject("Microsoft.XMLHTTP")}catch(t){}}function $n(){return setTimeout(function(){</span><span class='AttrName'>qn</span><span class='default'>=</span><span class='AttrValue'>t</span><span class='default'>},0),</span><span class='AttrName'>qn</span><span class='default'>=</span><span class='AttrValue'>v.now</span><span class='default'>()}function Jn(e,t){v.each(t,function(t,n){var r=(Vn[t]||[]).concat(Vn["*"]),</span><span class='AttrName'>i</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>,</span><span class='AttrName'>s</span><span class='default'>=</span><span class='AttrValue'>r.length</span><span class='default'>;for(;i&lt;</span><span class='ElementName'>s</span><span class='default'>;i++)if(r[i].call(e,t,n))re</span></div>
<div class='line'><span class='default'>turn})}function Kn(e,t,n){var r,</span><span class='AttrName'>i</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>,</span><span class='AttrName'>s</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>,</span><span class='AttrName'>o</span><span class='default'>=</span><span class='AttrValue'>Xn.length</span><span class='default'>,</span><span class='AttrName'>u</span><span class='default'>=</span><span class='AttrValue'>v.Deferred</span><span class='default'>().always(function(){delete a.elem}),</span><span class='AttrName'>a</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(){var </span><span class='AttrName'>t</span><span class='default'>=</span><span class='AttrValue'>qn</span><span class='default'>||$n(),</span><span class='AttrName'>n</span><span class='default'>=</span><span class='AttrValue'>Math.max</span><span class='default'>(0,f.startTime+f.duration-t),</span><span class='AttrName'>r</span><span class='default'>=</span><span class='AttrValue'>n</span><span class='default'>/f.duration||0,</span><span class='AttrName'>i</span><span class='default'>=</span><span class='AttrValue'>1</span><span class='default'>-r,</span><span class='AttrName'>s</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>,</span><span class='AttrName'>o</span><span class='default'>=</span><span class='AttrName'><br /></span></div>
<div class='line'><span class='AttrValue'>f.tweens.length</span><span class='default'>;for(;s&lt;</span><span class='ElementName'>o</span><span class='default'>;s++)f.tweens[s].run(i);return u.notifyWith(e,[f,i,n]),i&lt;</span><span class='ElementName'>1</span><span class='default'>&&o?n:(u.resolveWith(e,[f]),!1)},</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>u.promise</span><span class='default'>({elem:</span></div>
<div class='line'><span class='default'>e,props:v.extend({},t),opts:v.extend(!0,{specialEasing:{}},n),originalProperties</span></div>
<div class='line'><span class='default'>:t,originalOptions:n,startTime:qn||$n(),duration:n.duration,tweens:[],createTwee</span></div>
<div class='line'><span class='default'>n:function(t,n,r){var </span><span class='AttrName'>i</span><span class='default'>=</span><span class='AttrValue'>v.Tween</span><span class='default'>(e,f.opts,t,n,f.opts.specialEasing[t]||f.opts.easing);return f.tweens.push(i),i},stop:function(t){var </span><span class='AttrName'>n</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>,</span><span class='AttrName'>r</span><span class='default'>=</span><span class='AttrValue'>t</span><span class='default'>?f.tweens.length:0;for(;n&lt;</span><span class='ElementName'>r</span><span class='default'>;n++)f.tweens[n].run(1);return t?u.resolveWith(e,[f,t]):u.rejectWith(e,[f,t]),this}}),</span><span class='AttrName'>l</span><span class='default'>=</span><span class='AttrValue'>f.props</span><span class='default'>;Qn(l,f.</span></div>
<div class='line'><span class='default'>opts.specialEasing);for(;i&lt;</span><span class='ElementName'>o</span><span class='default'>;i++){</span><span class='AttrName'>r</span><span class='default'>=</span><span class='AttrValue'>Xn</span><span class='default'>[i].call(f,e,l,f.opts);if(r)return r}return Jn(f,l),v.isFunction(f.opts.start)&&f.opts.start.call(e,f),v.fx.timer(v.</span></div>
<div class='line'><span class='default'>extend(a,{anim:f,queue:f.opts.queue,elem:e})),f.progress(f.opts.progress).</span></div>
<div class='line'><span class='default'>done(f.opts.done,f.opts.complete).fail(f.opts.fail).always(f.opts.always)}functi</span></div>
<div class='line'><span class='default'>on Qn(e,t){var n,r,i,s,o;for(n in e){</span><span class='AttrName'>r</span><span class='default'>=</span><span class='AttrValue'>v.camelCase</span><span class='default'>(n),</span><span class='AttrName'>i</span><span class='default'>=</span><span class='AttrValue'>t</span><span class='default'>[r],</span><span class='AttrName'>s</span><span class='default'>=</span><span class='AttrValue'>e</span><span class='default'>[n],v.isArray(s)&&(</span><span class='AttrName'>i</span><span class='default'>=</span><span class='AttrValue'>s</span><span class='default'>[1],</span><span class='AttrName'>s</span><span class='default'>=</span><span class='AttrValue'>e</span><span class='default'>[n]=s[0]),n!==r&</span></div>
<div class='line'><span class='default'>&(e[r]=s,delete e[n]),</span><span class='AttrName'>o</span><span class='default'>=</span><span class='AttrValue'>v.cssHooks</span><span class='default'>[r];if(o&&"expand"in o){</span><span class='AttrName'>s</span><span class='default'>=</span><span class='AttrValue'>o.expand</span><span class='default'>(s),delete e[r];for(n in s)n in e||(e[n]=s[n],t[n]=i)}else t[r]=i}}function Gn(e,t,n){var r,i,s,o,u,a,f,l,c,</span><span class='AttrName'>h</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>,</span><span class='AttrName'>p</span><span class='default'>=</span><span class='AttrValue'>e.style</span><span class='default'>,d={},m=[],</span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>e.nodeType</span><span class='default'>&&Gt(e);n.queue||(</span><span class='AttrName'>l</span><span class='default'>=</span><span class='AttrValue'>v.</span></div>
<div class='line'><span class='default'>_queueHooks(e,"fx"),l.unqueued==null&&(l.</span><span class='AttrName'>unqueued</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>,</span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>l.empty.fire</span><span class='default'>,l.empty.</span></div>
<div class='line'><span class='AttrName'>fire</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(){l.unqueued||c()}),l.unqueued++,h.always(function(){h.always(func</span></div>
<div class='line'><span class='default'>tion(){l.unqueued--,v.queue(e,"fx").length||l.empty.fire()})})),e.nodeType===1&</span></div>
<div class='line'><span class='default'>&("height"in t||"width"in t)&&(n.overflow=[p.overflow,p.overflowX,p.overflowY],v.css(e,"display")==="inlin</span></div>
<div class='line'><span class='default'>e"&&v.css(e,"float")==="none"&&(!v.support.inlineBlockNeedsLayout||nn(e.</span></div>
<div class='line'><span class='default'>nodeName)==="inline"?p.</span><span class='AttrName'>display</span><span class='default'>=</span><span class='AttrValue'>"inline-block"</span><span class='default'>:p.</span><span class='AttrName'>zoom</span><span class='default'>=</span><span class='AttrValue'>1</span><span class='default'>)),n.overflow&&(p.</span></div>
<div class='line'><span class='AttrName'>overflow</span><span class='default'>=</span><span class='AttrValue'>"hidden"</span><span class='default'>,v.support.shrinkWrapBlocks||h.done(function(){p.</span><span class='AttrName'>overflow</span><span class='default'>=</span><span class='AttrValue'>n.</span></div>
<div class='line'><span class='AttrValue'>overflow</span><span class='default'>[0],p.</span><span class='AttrName'>overflowX</span><span class='default'>=</span><span class='AttrValue'>n.overflow</span><span class='default'>[1],p.</span><span class='AttrName'>overflowY</span><span class='default'>=</span><span class='AttrValue'>n.overflow</span><span class='default'>[2]}));for(r in t){</span><span class='AttrName'>s</span><span class='default'>=</span><span class='AttrValue'>t</span><span class='default'>[r];if(Un.exec(s)){delete t[r],</span><span class='AttrName'>a</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>||s==="toggle";if(s===(g?"hide":"show"))continue;m.push(r)}}</span><span class='AttrName'>o</span><span class='default'>=</span><span class='AttrValue'>m.</span></div>
<div class='line'><span class='AttrValue'>length</span><span class='default'>;if(o){</span><span class='AttrName'>u</span><span class='default'>=</span><span class='AttrValue'>v.</span><span class='default'>_data(e,"fxshow")||v._data(e,"fxshow",{}),"hidden"in u&&(</span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>u.hidden</span><span class='default'>),a&&(u.hidden=!g),g?v(e).show():h.done(function(){v(e).</span></div>
<div class='line'><span class='default'>hide()}),h.done(function(){var t;v.removeData(e,"fxshow",!0);for(t in d)v.style(e,t,d[t])});for(</span><span class='AttrName'>r</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>;r&lt;</span><span class='ElementName'>o</span><span class='default'>;r++)</span><span class='AttrName'>i</span><span class='default'>=</span><span class='AttrValue'>m</span><span class='default'>[r],</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>h.createTween</span><span class='default'>(i,g?u[i]:</span></div>
<div class='line'><span class='default'>0),d[i]=u[i]||v.style(e,i),i in u||(u[i]=f.start,g&&(f.</span><span class='AttrName'>end</span><span class='default'>=</span><span class='AttrValue'>f.start</span><span class='default'>,f.</span><span class='AttrName'>start</span><span class='default'>=</span><span class='AttrValue'>i</span><span class='default'>==="width"||i==="height"?1:</span></div>
<div class='line'><span class='default'>0))}}function Yn(e,t,n,r,i){return new Yn.prototype.init(e,t,n,r,i)}function Zn(e,t){var n,r={height:e},</span><span class='AttrName'>i</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>;</span><span class='AttrName'>t</span><span class='default'>=</span><span class='AttrValue'>t</span><span class='default'>?1:0;for(;i&lt;</span><span class='ElementName'>4</span><span class='default'>;i+=2-t)n=$t[i],r["margin"+n]=r["padding"+n]=</span></div>
<div class='line'><span class='default'>e;return t&&(r.</span><span class='AttrName'>opacity</span><span class='default'>=</span><span class='AttrValue'>r.width</span><span class='default'>=e),r}function tr(e){return v.isWindow(e)?e:e.nodeType===9?e.defaultView||e.parentWindow:!1}var n,r,</span><span class='AttrName'>i</span><span class='default'>=</span><span class='AttrValue'>e.document</span><span class='default'>,</span><span class='AttrName'>s</span><span class='default'>=</span><span class='AttrValue'>e.location</span><span class='default'>,</span><span class='AttrName'>o</span><span class='default'>=</span><span class='AttrValue'>e.navigator</span><span class='default'>,</span><span class='AttrName'>u</span><span class='default'>=</span><span class='AttrValue'>e.jQuery</span><span class='default'>,</span><span class='AttrName'>a</span><span class='default'>=</span><span class='AttrValue'>e.</span><span class='default'>$,</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>Array.prototype.</span></div>
<div class='line'><span class='AttrValue'>push</span><span class='default'>,</span><span class='AttrName'>l</span><span class='default'>=</span><span class='AttrValue'>Array.prototype.slice</span><span class='default'>,</span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>Array.prototype.indexOf</span><span class='default'>,</span><span class='AttrName'>h</span><span class='default'>=</span><span class='AttrValue'>Object.prototype.</span></div>
<div class='line'><span class='AttrValue'>toString</span><span class='default'>,</span><span class='AttrName'>p</span><span class='default'>=</span><span class='AttrValue'>Object.prototype.hasOwnProperty</span><span class='default'>,</span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>String.prototype.trim</span><span class='default'>,</span><span class='AttrName'>v</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(e,</span></div>
<div class='line'><span class='default'>t){return new v.fn.init(e,t,n)},m=/[\-+]?(?:\d*\.|)\d+(?:[eE][\-+]?\d+|)/.source,g=/\S/,y=/\s+</span></div>
<div class='line'><span class='default'>/,b=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,w=/^(?:[^#&lt;]*(&lt;[\w\W]+></span><span class='Text'>)[^>]*$|#([\w\-]</span></div>
<div class='line'><span class='Text'>*)$)/,E=/^</span><span class='default'>&lt;(\w+)\s*\/?></span><span class='Text'>(?:</span><span class='default'>&lt;\/\1>|)$/,S=/^[\],:{}\s]*$/,x=/(?:^|:|,)(?:</span></div>
<div class='line'><span class='default'>\s*\[)+/g,T=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,N=/"[^"\\\r\n]*"|true|f.</span></div>
<div class='line'><span class='default'>..[TRUNCATED]...</span></div>

        </div>
        <div class="page-break"></div>
    <h3>
        <span>6.1.3</span>
        <span>
                <a href="#PoorErrorHandlingUnhandledException">Poor Error Handling: Unhandled Exception</a>
        </span>
        <span class="pull-right text-severity-medium">Medium</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="d816958013bf4326ad96816e462ab1b7"></a>
            ID 34531733 - https://www.dashanqy.com/%3c
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /%3c HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.dashanqy.com</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Upgrade-Insecure-Requests:</span><span class='HeaderValue'> 1</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;</span></div>
<div class='line'><span class='HeaderValue'>q=0.8</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>Accept-Language:</span><span class='HeaderValue'> en-US,en;q=0.9</span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> ASP.NET_SessionId=uwflf5f2apq1utt5inzr0i5y; TS016d37e8=01851f6ed590d2c63183793729dc0950810d8d8dc97c0532f21a132c96321e20da552</span></div>
<div class='line'><span class='HeaderValue'>d67e12c93efc342803226ff97712a1f159a082831ac0d7d919b8239f6766fecf0233bbb95817d81e</span></div>
<div class='line'><span class='HeaderValue'>ba1204f014accec78ca1e</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 400 Bad Request</span></div>
<div class='line'><span class='HeaderName'>Cache-Control:</span><span class='HeaderValue'> private</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> text/html; charset=utf-8</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>X-Frame-Options:</span><span class='HeaderValue'> SAMEORIGIN</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Mon, 09 Apr 2018 02:00:03 GMT</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 3809</span></div>
<div class='line'><span class='HeaderName'>Set-Cookie:</span><span class='HeaderValue'> TS016d37e8=01851f6ed53cc425633fd192e047c5b421521ed211f1ac49c0c2d1db0181200c75c71</span></div>
<div class='line'><span class='HeaderValue'>4c3a90ecda5d1ea4b3aabe905c895b81024391d55cf505be2184660e8e7166b5a04eb93b20e83c02</span></div>
<div class='line'><span class='HeaderValue'>a8f877848cae9c5cb8552; Path=/</span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>&lt;!DOCTYPE html></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>html</span><span class='default'>></span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>head</span><span class='default'>></span></div>
<div class='line'><span class='default'>        &lt;</span><span class='ElementName'>title</span><span class='default'>></span><span class='Text'>A potentially dangerous Request.Path value was detected from the client (&lt;).</span><span class='default'>&lt;</span><span class='ElementName'>/title</span><span class='default'>></span></div>
<div class='line'><span class='default'>        &lt;</span><span class='ElementName'>meta</span><span class='default'> </span><span class='AttrName'>name</span><span class='default'>=</span><span class='AttrValue'>"viewport"</span><span class='default'> </span><span class='AttrName'>content</span><span class='default'>=</span><span class='AttrValue'>"width=device-width"</span><span class='default'> /></span></div>
<div class='line'><span class='default'>        &lt;</span><span class='ElementName'>style</span><span class='default'>></span></div>
<div class='line'><span class='default'>         body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;} </span></div>
<div class='line'><span class='default'>         p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}</span></div>
<div class='line'><span class='default'>         b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}</span></div>
<div class='line'><span class='default'>         H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }</span></div>
<div class='line'><span class='default'>         H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }</span></div>
<div class='line'><span class='default'>         pre {font-family:"Consolas","Lucida Console",Monospace;font-size:11pt;margin:0;padding:0.5em;line-height:14pt}</span></div>
<div class='line'><span class='default'>         .marker {font-weight: bold; color: black;text-decoration: none;}</span></div>
<div class='line'><span class='default'>         .version {color: gray;}</span></div>
<div class='line'><span class='default'>         .error {margin-bottom: 10px;}</span></div>
<div class='line'><span class='default'>         .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }</span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='StartAtLine'> ... Starting at line 61 ... </span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>/table</span><span class='default'>></span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>br</span><span class='default'>></span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>b</span><span class='default'>></span><span class='AttackSelection'>Stack Trace:</span><span class='default'>&lt;</span><span class='ElementName'>/b</span><span class='default'>></span><span class='Text'> </span><span class='default'>&lt;</span><span class='ElementName'>br</span><span class='default'>>&lt;</span><span class='ElementName'>br</span><span class='default'>></span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>table</span><span class='default'> </span><span class='AttrName'>width</span><span class='default'>=</span><span class='AttrValue'>100%</span><span class='default'> </span><span class='AttrName'>bgcolor</span><span class='default'>=</span><span class='AttrValue'>"#ffffcc"</span><span class='default'>></span></div>
<div class='line'><span class='default'>               &lt;</span><span class='ElementName'>tr</span><span class='default'>></span></div>
<div class='line'><span class='default'>                  &lt;</span><span class='ElementName'>td</span><span class='default'>></span></div>
<div class='line'><span class='default'>                      &lt;</span><span class='ElementName'>code</span><span class='default'>>&lt;</span><span class='ElementName'>pre</span><span class='default'>></span></div>

        </div>
        <div class="page-break"></div>
    <h3>
        <span>6.2.1</span>
        <span>
                <a href="#CacheManagementInsecurePolicy">Cache Management: Insecure Policy</a>
        </span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="c8a0b929c59f430dbebd5e4cc97390ef"></a>
            ID 34530892 - https://www.dashanqy.com:443/huaping.html
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /huaping.html HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Referer:</span><span class='HeaderValue'> https://www.dashanqy.com/base.aspx</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.dashanqy.com</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</span></div>
<div class='line'><span class='HeaderName'>Accept-Language:</span><span class='HeaderValue'> en-US,en;q=0.5</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>X-AscRawUrl:</span><span class='HeaderValue'> /huaping.html</span></div>
<div class='line'><span class='HeaderName'>Pragma:</span><span class='HeaderValue'> no-cache</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> Keep-Alive</span></div>
<div class='line'><span class='HeaderName'>X-Scan-Memo:</span><span class='HeaderValue'> ScriptEngine="Gecko"; Category="Crawl"; SID="792CFD6DEB7E0BD3B7A4D42839DF4E3A"; PSID="711683CEE12F1378E62DE13341B4E53C"; SessionType="Crawl"; CrawlType="ScriptFrameInclude"; AttackType="None"; OriginatingEngineID="00000000-0000-0000-0000-000000000000"; ThreadId="232"; ThreadType="JScriptEvent"; </span></div>
<div class='line'><span class='HeaderName'>X-RequestManager-Memo:</span><span class='HeaderValue'> sid="369"; smi="0"; sc="1"; ID="415d47bd-f622-4ed6-b5bd-8925c3e4e440"; </span></div>
<div class='line'><span class='HeaderName'>X-Request-Memo:</span><span class='HeaderValue'> ID="3ae3eb4b-7dff-4d9f-839f-0224eceddad6"; sc="1"; ThreadId="232"; </span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> CustomCookie=WebInspect122856ZX38A625F6A3164D32AE7BC3B51B1FE5DBY7708;ASP.</span></div>
<div class='line'><span class='HeaderValue'>NET_SessionId=g5xr2xss1bhuu4xfomw4qin0;TS016d37e8=01851f6ed597b64128c12d0d507455</span></div>
<div class='line'><span class='HeaderValue'>3cd330410b91668015c50f5fb3b55e39bd2dc5c8a577ec6ec0d07eee63d245473efc91ce71ca</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='AttackSelection'>HTTP/</span><span class='default'>1.1 200 OK</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> text/html</span></div>
<div class='line'><span class='HeaderName'>Last-Modified:</span><span class='HeaderValue'> Thu, 08 Feb 2018 11:22:54 GMT</span></div>
<div class='line'><span class='HeaderName'>Accept-Ranges:</span><span class='HeaderValue'> bytes</span></div>
<div class='line'><span class='HeaderName'>ETag:</span><span class='HeaderValue'> "03b9229cfa0d31:0"</span></div>
<div class='line'><span class='HeaderName'>Vary:</span><span class='HeaderValue'> Accept-Encoding</span><span class='default'><br /></span></div>

        </div>
        <div class="page-break"></div>
    <h3>
        <span>6.2.2</span>
        <span>
                <a href="#HostHeaderPoisoning">Host Header Poisoning</a>
        </span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="24315289cee64dd38fb088af4754815c"></a>
            ID 34531834 - https://www.dashanqy.com/upfiles
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /upfiles HTTP/1.1</span></div>
<div class='line'><span class='AttackSelection'>Host: ams.fortify.com</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Upgrade-Insecure-Requests:</span><span class='HeaderValue'> 1</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;</span></div>
<div class='line'><span class='HeaderValue'>q=0.8</span></div>
<div class='line'><span class='HeaderName'>Referer:</span><span class='HeaderValue'> https://www.dashanqy.com/showwrite.aspx</span><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 </span><span class='AttackSelection'>301</span><span class='default'> Moved Permanently</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> text/html; charset=UTF-8</span></div>
<div class='line'><span class='AttackSelection'>Location: https://ams.fortify.com</span><span class='HeaderValue'>/upfiles/</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>X-Frame-Options:</span><span class='HeaderValue'> SAMEORIGIN</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Mon, 09 Apr 2018 12:53:43 GMT</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 155</span><span class='default'><br /></span></div>

        </div>
        <div class="page-break"></div>
    <h3>
        <span>6.2.3</span>
        <span>
                <a href="#InsecureTransportHSTSnotSet">Insecure Transport: HSTS not Set</a>
        </span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="683262c6b79e49d4ac0e6ba79fbd93e8"></a>
            ID 59275861 - https://www.dashanqy.com:443/images/
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /images/ HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Referer:</span><span class='HeaderValue'> https://www.dashanqy.com/images/contentbj.jpg</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> */*</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>Pragma:</span><span class='HeaderValue'> no-cache</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.dashanqy.com</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> Keep-Alive</span></div>
<div class='line'><span class='HeaderName'>X-Scan-Memo:</span><span class='HeaderValue'> Category="Audit.Attack"; SID="6C8EE8DD9C70DB3C98BBC468CA30BFB9"; PSID="164F9D44EC91BCB696C30EEB3CF02262"; SessionType="PathTruncation"; CrawlType="None"; AttackType="None"; OriginatingEngineID="398bfe9e-1b77-4458-9691-603eea06e341"; AttackSequence="0"; AttackParamDesc=""; AttackParamIndex="0"; AttackParamSubIndex="0"; CheckId="0"; Engine="Path+Truncation"; SmartMode="NonServerSpecificOnly"; ThreadId="203"; ThreadType="AuditorStateRequestorPool"; </span></div>
<div class='line'><span class='HeaderName'>X-RequestManager-Memo:</span><span class='HeaderValue'> sid="389"; smi="0"; sc="1"; ID="525978b4-c80b-4c96-871c-bd3f443d288b"; </span></div>
<div class='line'><span class='HeaderName'>X-Request-Memo:</span><span class='HeaderValue'> ID="f974d298-3a5e-4614-b1f3-e19718f554ed"; sc="1"; ThreadId="51"; </span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> CustomCookie=WebInspect122856ZX38A625F6A3164D32AE7BC3B51B1FE5DBY7708</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 200 OK</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Cache-Control:</span><span class='HeaderValue'> no-cache</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> text/html; charset=utf-8</span></div>
<div class='line'><span class='HeaderName'>Pragma:</span><span class='HeaderValue'> no-cache</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 189</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>html</span><span class='default'>>&lt;</span><span class='ElementName'>head</span><span class='default'>>&lt;</span><span class='ElementName'>title</span><span class='default'>></span><span class='Text'>Request Rejected</span><span class='default'>&lt;</span><span class='ElementName'>/title</span><span class='default'>>&lt;</span><span class='ElementName'>/head</span><span class='default'>>&lt;</span><span class='ElementName'>body</span><span class='default'>></span><span class='Text'>The requested URL was rejected. Please consult with your administrator.</span><span class='default'>&lt;</span><span class='ElementName'>br</span><span class='default'>>&lt;</span><span class='ElementName'>br</span><span class='default'>></span><span class='Text'>Your support ID is: 11243405376118380002</span><span class='default'>&lt;</span><span class='ElementName'>/body</span><span class='default'>>&lt;</span><span class='ElementName'>/html</span><span class='default'>></span></div>

        </div>
        <div class="page-break"></div>
    <h3>
        <span>6.2.4</span>
        <span>
                <a href="#InsecureTransportWeakSSLCipher">Insecure Transport: Weak SSL Cipher</a>
        </span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="5bfa2c9e2bd9463ea5393f12a4eeb471"></a>
            ID 59275865 - https://www.dashanqy.com:443/company.aspx
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /company.aspx HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Referer:</span><span class='HeaderValue'> https://www.dashanqy.com/</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> */*</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>Pragma:</span><span class='HeaderValue'> no-cache</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.dashanqy.com</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> Keep-Alive</span></div>
<div class='line'><span class='HeaderName'>X-Scan-Memo:</span><span class='HeaderValue'> Category="Crawl"; SID="A5CC8DCD80EE0E0AEC11A71DAC200483"; PSID="3C935875A1EB8F4C3FFB87D678B6DE49"; SessionType="Crawl"; CrawlType="HTML"; AttackType="None"; OriginatingEngineID="00000000-0000-0000-0000-000000000000"; AttributeName="href"; Format="NonRooted"; LinkKind="HyperLink"; Locations="HtmlNode"; Source="ScriptExecution"; ThreadId="236"; ThreadType="CrawlBreadthFirstDBReader"; </span></div>
<div class='line'><span class='HeaderName'>X-RequestManager-Memo:</span><span class='HeaderValue'> sid="369"; smi="0"; sc="1"; ID="b5fcc54f-62db-444c-b031-f5187cb6d23f"; </span></div>
<div class='line'><span class='HeaderName'>X-Request-Memo:</span><span class='HeaderValue'> ID="f4cf0927-65f0-4b52-a805-ec39d0f885e2"; sc="1"; ThreadId="29"; </span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> CustomCookie=WebInspect122856ZX38A625F6A3164D32AE7BC3B51B1FE5DBY7708;ASP.</span></div>
<div class='line'><span class='HeaderValue'>NET_SessionId=g5xr2xss1bhuu4xfomw4qin0;TS016d37e8=01851f6ed597b64128c12d0d507455</span></div>
<div class='line'><span class='HeaderValue'>3cd330410b91668015c50f5fb3b55e39bd2dc5c8a577ec6ec0d07eee63d245473efc91ce71ca</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 200 OK</span></div>
<div class='line'><span class='HeaderName'>Cache-Control:</span><span class='HeaderValue'> private</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> text/html; charset=utf-8</span></div>
<div class='line'><span class='HeaderName'>Vary:</span><span class='HeaderValue'> Accept-Encoding</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>X-Frame-Options:</span><span class='HeaderValue'> SAMEORIGIN</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Thu, 05 Apr 2018 17:49:50 GMT</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 43763</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>&lt;!DOCTYPE html></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>html</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>head</span><span class='default'>></span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>meta</span><span class='default'> http-</span><span class='AttrName'>equiv</span><span class='default'>=</span><span class='AttrValue'>"Content-Type"</span><span class='default'> </span><span class='AttrName'>content</span><span class='default'>=</span><span class='AttrValue'>"text/html; charset=utf-8"</span><span class='default'> /></span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>title</span><span class='default'>></span><span class='Text'>大山云南山泉官网</span><span class='default'>&lt;</span><span class='ElementName'>/title</span><span class='default'>></span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>link</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"/css/public.css"</span><span class='default'> </span><span class='AttrName'>rel</span><span class='default'>=</span><span class='AttrValue'>"stylesheet"</span><span class='default'> </span><span class='AttrName'>type</span><span class='default'>=</span><span class='AttrValue'>"text/css"</span><span class='default'> />   </span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>link</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"/css/company.css"</span><span class='default'> </span><span class='AttrName'>rel</span><span class='default'>=</span><span class='AttrValue'>"stylesheet"</span><span class='default'> </span><span class='AttrName'>type</span><span class='default'>=</span><span class='AttrValue'>"text/css"</span><span class='default'> />    </span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>script</span><span class='default'> </span><span class='AttrName'>src</span><span class='default'>=</span><span class='AttrValue'>"/js/jquery.min.js"</span><span class='default'> </span><span class='AttrName'>type</span><span class='default'>=</span><span class='AttrValue'>"text/javascript"</span><span class='default'>>&lt;</span><span class='ElementName'>/script</span><span class='default'>>  </span></div>
<div class='line'><span class='default'>    &lt;script type="text/javascript" src="/js/jquery.SuperSlide.2.1.1.js">&lt;/script> </span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>meta</span><span class='default'> </span><span class='AttrName'>name</span><span class='default'>=</span><span class='AttrValue'>"description"</span><span class='default'> </span><span class='AttrName'>content</span><span class='default'>=</span><span class='AttrValue'>"云南大山饮品有限公司为雀巢旗下全资企业，专注于包装饮用水的生产、研发和销售。经过多年发展，云南大山饮品有限公司已跻身中国天然矿泉水10强企业。</span></div>
<div class='line'><span class='AttrValue'>订水电话0871-96133。"</span><span class='default'> /></span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>meta</span><span class='default'> </span><span class='AttrName'>name</span><span class='default'>=</span><span class='AttrValue'>"keywords"</span><span class='default'> </span><span class='AttrName'>content</span><span class='default'>=</span><span class='AttrValue'>"大山云南山泉官网,大山云南山泉"</span><span class='default'> /></span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>meta</span><span class='default'> http-</span><span class='AttrName'>equiv</span><span class='default'>=</span><span class='AttrValue'>"X-Frame-Options"</span><span class='default'> </span><span class='AttrName'>content</span><span class='default'>=</span><span class='AttrValue'>"deny"</span><span class='default'>></span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>meta</span><span class='default'> http-</span><span class='AttrName'>equiv</span><span class='default'>=</span><span class='AttrValue'>"windows-Target"</span><span class='default'> </span><span class='AttrName'>contect</span><span class='default'>=</span><span class='AttrValue'>"_top"</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>/head</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>body</span><span class='default'>></span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"top"</span><span class='default'>></span></div>
<div class='line'><span class='default'>         &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"logo"</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"index.aspx"</span><span class='default'>>&lt;</span><span class='ElementName'>img</span><span class='default'> </span><span class='AttrName'>src</span><span class='default'>=</span><span class='AttrValue'>"/images/logo.jpg"</span><span class='default'> </span><span class='AttrName'>alt</span><span class='default'>=</span><span class='AttrValue'>""</span><span class='default'> />&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/div</span><span class='default'>>     </span></div>
<div class='line'><span class='default'>         &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"menudiv"</span><span class='default'>></span></div>
<div class='line'><span class='default'>             &lt;</span><span class='ElementName'>ul</span><span class='default'> </span><span class='AttrName'>id</span><span class='default'>=</span><span class='AttrValue'>"menu"</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"menu"</span><span class='default'>></span></div>
<div class='line'><span class='default'>			    &lt;</span><span class='ElementName'>li</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"nLi"</span><span class='default'>></span></div>
<div class='line'><span class='default'>				    &lt;</span><span class='ElementName'>h3</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"index.aspx"</span><span class='default'>></span><span class='Text'>首 页</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/h3</span><span class='default'>></span></div>
<div class='line'><span class='default'>			    &lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>			    &lt;</span><span class='ElementName'>li</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"nLi on"</span><span class='default'>></span></div>
<div class='line'><span class='default'>					    &lt;</span><span class='ElementName'>h3</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"javascript:;"</span><span class='default'>></span><span class='Text'>公司简介</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/h3</span><span class='default'>></span></div>
<div class='line'><span class='default'>					    &lt;</span><span class='ElementName'>ul</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"sub"</span><span class='default'>></span></div>
<div class='line'><span class='default'>						    &lt;</span><span class='ElementName'>li</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"company.aspx"</span><span class='default'>></span><span class='Text'>关于大山</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>						    &lt;</span><span class='ElementName'>li</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"process.aspx"</span><span class='default'>></span><span class='Text'>大山历程</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>						    &lt;</span><span class='ElementName'>li</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"honor.aspx"</span><span class='default'>></span><span class='Text'>企业荣誉</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>						    &lt;</span><span class='ElementName'>li</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"base.aspx"</span><span class='default'>></span><span class='Text'>生产基地</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>						    &lt;</span><span class='ElementName'>li</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"service.aspx"</span><span class='default'>></span><span class='Text'>大山公益</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/li</span><span class='default'>>						  </span></div>
<div class='line'><span class='default'>					    &lt;</span><span class='ElementName'>/ul</span><span class='default'>></span></div>
<div class='line'><span class='default'>			    &lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>			    &lt;</span><span class='ElementName'>li</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"nLi"</span><span class='default'>>			</span></div>
<div class='line'><span class='default'>					    &lt;</span><span class='ElementName'>h3</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"news.aspx"</span><span class='default'>></span><span class='Text'>新闻中心</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/h3</span><span class='default'>></span></div>
<div class='line'><span class='default'>                        &lt;</span><span class='ElementName'>ul</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"sub"</span><span class='default'>></span></div>
<div class='line'><span class='default'>						    &lt;</span><span class='ElementName'>li</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"news.aspx"</span><span class='default'>></span><span class='Text'>公司动态</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>						    &lt;</span><span class='ElementName'>li</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"pronews.aspx"</span><span class='default'>></span><span class='Text'>产品动态</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>						    &lt;</span><span class='ElementName'>li</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"economy.aspx"</span><span class='default'>></span><span class='Text'>行业动态</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>						    &lt;</span><span class='ElementName'>li</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"videolist.aspx"</span><span class='default'>></span><span class='Text'>最新视频</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/li</span><span class='default'>>						    				  </span></div>
<div class='line'><span class='default'>					    &lt;</span><span class='ElementName'>/ul</span><span class='default'>>						    </span></div>
<div class='line'><span class='default'>			    &lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>			    &lt;</span><span class='ElementName'>li</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"nLi "</span><span class='default'>></span></div>
<div class='line'><span class='default'>					    &lt;</span><span class='ElementName'>h3</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"prolist.aspx"</span><span class='default'> ></span><span class='Text'>产品展示</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/h3</span><span class='default'>></span></div>
<div class='line'><span class='default'>                        &lt;</span><span class='ElementName'>ul</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"sub"</span><span class='default'>></span></div>
<div class='line'><span class='default'>						    &lt;</span><span class='ElementName'>li</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"prolist2.aspx"</span><span class='default'>></span><span class='Text'>桶装水</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>						    &lt;</span><span class='ElementName'>li</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"prolist1.aspx"</span><span class='default'>></span><span class='Text'>瓶装水</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/li</span><span class='default'>>						   		    				  </span></div>
<div class='line'><span class='default'>					    &lt;</span><span class='ElementName'>/ul</span><span class='default'>>						    </span></div>
<div class='line'><span class='default'>			    &lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>			    &lt;</span><span class='ElementName'>li</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"nLi"</span><span class='default'>></span></div>
<div class='line'><span class='default'>					    &lt;</span><span class='ElementName'>h3</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"showwrite.aspx"</span><span class='default'>></span><span class='Text'>客户留言</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/h3</span><span class='default'>>					   </span></div>
<div class='line'><span class='default'>			    &lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>                &lt;</span><span class='ElementName'>li</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"nLi"</span><span class='default'>></span></div>
<div class='line'><span class='default'>					    &lt;</span><span class='ElementName'>h3</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"javascript:;"</span><span class='default'> ></span><span class='Text'>加入大山</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/h3</span><span class='default'>></span></div>
<div class='line'><span class='default'>					    &lt;</span><span class='ElementName'>ul</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"sub"</span><span class='default'>></span></div>
<div class='line'><span class='default'>						    &lt;</span><span class='ElementName'>li</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"join.aspx"</span><span class='default'>></span><span class='Text'>诚邀加盟</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>						    &lt;</span><span class='ElementName'>li</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"jobshow.aspx"</span><span class='default'>></span><span class='Text'>人才招聘</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/li</span><span class='default'>>						   </span></div>
<div class='line'><span class='default'>					    &lt;</span><span class='ElementName'>/ul</span><span class='default'>></span></div>
<div class='line'><span class='default'>			    &lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>                &lt;</span><span class='ElementName'>li</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"nLi"</span><span class='default'>></span></div>
<div class='line'><span class='default'>					    &lt;</span><span class='ElementName'>h3</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"about.aspx"</span><span class='default'>></span><span class='Text'>联系我们</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>>&lt;</span><span class='ElementName'>/h3</span><span class='default'>></span></div>
<div class='line'><span class='default'>			    &lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>		    &lt;</span><span class='ElementName'>/ul</span><span class='default'>></span></div>
<div class='line'><span class='default'>        &lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>        &lt;</span><span class='ElementName'>script</span><span class='default'> </span><span class='AttrName'>id</span><span class='default'>=</span><span class='AttrValue'>"jsID"</span><span class='default'> </span><span class='AttrName'>type</span><span class='default'>=</span><span class='AttrValue'>"text/javascript"</span><span class='default'>></span></div>
<div class='line'><span class='default'>            jQuery("#menu").slide({</span></div>
<div class='line'><span class='default'>                type: "menu", </span><span class='JSComment'>// Effect type; a parameter introduced for menus/navigation (default: slide)</span></div>
<div class='line'><span class='default'>                titCell: ".nLi", </span><span class='JSComment'>// Element that the mouse triggers on</span></div>
<div class='line'><span class='default'>                targetCell: ".sub", </span><span class='JSComment'>// Element inside titCell to show/hide</span></div>
<div class='line'><span class='default'>                effect: "slideDown", </span><span class='JSComment'>// Drop-down effect for targetCell</span></div>
<div class='line'><span class='default'>                delayTime: 300, </span><span class='JSComment'>// Effect duration</span></div>
<div class='line'><span class='default'>                triggerTime: 0, </span><span class='JSComment'>// Mouse trigger delay (default: 150)</span></div>
<div class='line'><span class='default'>                returnDefault: </span><span class='JSKeyword'>true</span><span class='default'> </span><span class='JSComment'>// Return to the default state after the mouse leaves; e.g. if the default channel is "Trailers", it returns to "Trailers" once the mouse leaves (default: false)</span></div>
<div class='line'><span class='default'>            });</span></div>
<div class='line'><span class='default'>		&lt;/script></span></div>
<div class='line'><span class='default'>         &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"tel"</span><span class='default'>></span></div>
<div class='line'><span class='default'>             &lt;</span><span class='ElementName'>img</span><span class='default'> </span><span class='AttrName'>src</span><span class='default'>=</span><span class='AttrValue'>"/images/tel.jpg"</span><span class='default'> </span><span class='AttrName'>alt</span><span class='default'>=</span><span class='AttrValue'>""</span><span class='default'> /></span></div>
<div class='line'><span class='default'>         &lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>         &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"search"</span><span class='default'>></span></div>
<div class='line'><span class='default'>           &lt;</span><span class='ElementName'>form</span><span class='default'> </span><span class='AttrName'>id</span><span class='default'>=</span><span class='AttrValue'>"frm1"</span><span class='default'>  </span><span class='AttrName'>method</span><span class='default'>=</span><span class='AttrValue'>"post"</span><span class='default'> </span><span class='AttrName'>action</span><span class='default'>=</span><span class='AttrValue'>"search.aspx"</span><span class='default'>></span></div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>table</span><span class='default'>></span></div>
<div class='line'><span class='default'>                &lt;</span><span class='ElementName'>tr</span><span class='default'>></span></div>
<div class='line'><span class='default'>                    &lt;</span><span class='ElementName'>td</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"width:30px; cursor:pointer;"</span><span class='default'> </span><span class='AttrName'>id</span><span class='default'>=</span><span class='AttrValue'>"searbtn"</span><span class='default'>>&lt;</span><span class='ElementName'>/td</span><span class='default'>></span></div>
<div class='line'><span class='default'>                    &lt;</span><span class='ElementName'>td</span><span class='default'>>&lt;</span><span class='ElementName'>input</span><span class='default'> </span><span class='AttrName'>type</span><span class='default'>=</span><span class='AttrValue'>"text"</span><span class='default'> </span><span class='AttrName'>id</span><span class='default'>=</span><span class='AttrValue'>"searchtxt"</span><span class='default'> </span><span class='AttrName'>name</span><span class='default'>=</span><span class='AttrValue'>"searchtxt"</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"width:30px;"</span><span class='default'> />&lt;</span><span class='ElementName'>/td</span><span class='default'>></span></div>
<div class='line'><span class='default'>                &lt;</span><span class='ElementName'>/tr</span><span class='default'>>                </span></div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>/table</span><span class='default'>></span></div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>/form</span><span class='default'>></span></div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>script</span><span class='default'>></span></div>
<div class='line'><span class='default'>                $("#searbtn").bind("click", function () {</span></div>
<div class='line'><span class='default'>                    var seatxt = $("#searchtxt").val();</span></div>
<div class='line'><span class='default'>                    if (seatxt == "") {</span></div>
<div class='line'><span class='default'>                        alert("请输入要搜索的内容");</span></div>
<div class='line'><span class='default'>                        return;</span></div>
<div class='line'><span class='default'>                    }</span></div>
<div class='line'><span class='default'>                    var reg = /^(\w|[\u4E00-\u9FA5])*$/;</span></div>
<div class='line'><span class='default'>                    if (!reg.test(seatxt)) {</span></div>
<div class='line'><span class='default'>                        alert("搜索的内容不合法");</span></div>
<div class='line'><span class='default'>                        return;</span></div>
<div class='line'><span class='default'>                    }     </span></div>
<div class='line'><span class='default'>                    frm1.submit();</span></div>
<div class='line'><span class='default'>                })</span></div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>/script</span><span class='default'>></span></div>
<div class='line'><span class='default'>         &lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>     &lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>     &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"content"</span><span class='default'>></span></div>
<div class='line'><span class='default'>          &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"nav"</span><span class='default'>>&lt;</span><span class='ElementName'>span</span><span class='default'>></span><span class='Text'>当前位置：</span><span class='default'>&lt;</span><span class='ElementName'>/span</span><span class='default'>>&lt;</span><span class='ElementName'>span</span><span class='default'>  </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:10px;"</span><span class='default'>>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"index.aspx"</span><span class='default'>></span><span class='Text'>首页</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>></span><span class='Text'> > </span><span class='default'>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"company.aspx"</span><span class='default'>></span><span class='Text'>公司简介</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>></span><span class='Text'> > </span><span class='default'>&lt;</span><span class='ElementName'>/span</span><span class='default'>>&lt;</span><span class='ElementName'>span</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"fontcolor"</span><span class='default'>></span><span class='Text'>关于大山</span><span class='default'>&lt;</span><span class='ElementName'>/span</span><span class='default'>>&lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>          &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"com_content"</span><span class='default'>></span></div>
<div class='line'><span class='default'>               &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"comtitle1"</span><span class='default'>></span><span class='Text'>公司简介</span><span class='default'>&lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>               &lt;</span><span class='ElementName'>p</span><span class='default'>>&lt;</span><span class='ElementName'>img</span><span class='default'> </span><span class='AttrName'>src</span><span class='default'>=</span><span class='AttrValue'>"/images/base.jpg"</span><span class='default'> </span><span class='AttrName'>alt</span><span class='default'>=</span><span class='AttrValue'>""</span><span class='default'> />&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>               &lt;</span><span class='ElementName'>br</span><span class='default'> /></span></div>
<div class='line'><span class='default'>                  &lt;</span><span class='ElementName'>p</span><span class='default'>></span></div>
<div class='line'><span class='default'>                     云南大山饮品有限公司为雀巢旗下全资企业，专注于包装饮用水的生产、研发和销售。经过多年发展，云南大山饮品有限公司已跻身中国天然矿泉水10强企业。其包装饮用水品牌大</span></div>
<div class='line'><span class='default'>山·云南山泉曾荣获“中国名牌”等数十项政府和行业荣誉，为云南包装饮用水行业知名品牌。</span></div>
<div class='line'><span class='default'>                  &lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>               &lt;</span><span class='ElementName'>br</span><span class='default'> /></span></div>
<div class='line'><span class='default'>               &lt;</span><span class='ElementName'>p</span><span class='default'>></span><span class='Text'>大山作为雀巢大家庭成员，享用雀巢强大的技术资源，确保先进的生产工艺，每年由来自雀巢集团的技术专家到工厂进行审核，持续改进，确保处于行业先进水平。</span><span class='default'>&lt;</span><span class='Text'><br /></span></div>
<div class='line'><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>               &lt;</span><span class='ElementName'>br</span><span class='default'> />         </span></div>
<div class='line'><span class='default'>               &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"comleft"</span><span class='default'>></span></div>
<div class='line'><span class='default'>                    &lt;!--&lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"comtitle2"</span><span class='default'>></span><span class='Text'>市场影响力</span><span class='default'>&lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>                    &lt;</span><span class='ElementName'>p</span><span class='default'>></span><span class='Text'>目前，大山“云南山泉”瓶装水销售网络已辐射云南周边省区和国家，覆盖云南全省市场95%以上。大山“云南山泉”桶装水在全省有超过100万户的家庭用户。200多</span></div>
<div class='line'><span class='Text'>辆货车每天将大山“云南山泉”运往各地。长期合作的瓶装水经销商超过300家。桶装水服务网点覆盖全省多个地区，拥有桶装水服务配送网点300多个。公司现有在册员工70</span></div>
<div class='line'><span class='Text'>0多人，产业链上从事公司产品销售、物流、服务的人员近5000人。</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>                    &lt;</span><span class='ElementName'>br</span><span class='default'> />--></span></div>
<div class='line'><span class='default'>                    &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"comtitle3"</span><span class='default'>></span><span class='Text'>公司愿景</span><span class='default'>&lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>                    &lt;</span><span class='ElementName'>p</span><span class='default'>></span><span class='Text'>面对未来，公司将专注包装饮用水行业，在本土化团队对产品的激情以及对消费者深刻了解的基础上，充分融合雀巢全球化的先进技术、运营经验与品牌文化，为消费者提供更</span></div>
<div class='line'><span class='Text'>加安全、健康的产品和高品质的服务，不断满足消费者需求。</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>                    &lt;</span><span class='ElementName'>br</span><span class='default'> /></span></div>
<div class='line'><span class='default'>                &lt;</span><span class='ElementName'>/div</span><span class='default'>> </span></div>
<div class='line'><span class='default'>                &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"comright"</span><span class='default'>></span></div>
<div class='line'><span class='default'>                    &lt;</span><span class='ElementName'>img</span><span class='default'> </span><span class='AttrName'>src</span><span class='default'>=</span><span class='AttrValue'>"/images/company_pic.jpg"</span><span class='default'> </span><span class='AttrName'>alt</span><span class='default'>=</span><span class='AttrValue'>""</span><span class='default'> /></span></div>
<div class='line'><span class='default'>                &lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>                &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"clear"</span><span class='default'>>&lt;</span><span class='ElementName'>/div</span><span class='default'>>  </span></div>
<div class='line'><span class='default'>                &lt;</span><span class='ElementName'>br</span><span class='default'> />             </span></div>
<div class='line'><span class='default'>          &lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>     &lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>     &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"bottom"</span><span class='default'>></span></div>
<div class='line'><span class='default'>         Copyright 2016 云南大山饮品有限公司, All Rights Reserved | 滇ICP备07002438号 | &lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"site.aspx"</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"sitea"</span><span class='default'>></span><span class='Text'>网站地图</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>></span><span class='Text'> | </span><span class='default'>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"javascript:;"</span><span class='default'> </span><span class='AttrName'>id</span><span class='default'>=</span><span class='AttrValue'>"yisi"</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"sitea"</span><span class='default'>></span><span class='Text'>隐私政策</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>></span><span class='Text'> | </span><span class='default'>&lt;</span><span class='ElementName'>a</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"javascript:;"</span><span class='default'>  </span><span class='AttrName'>id</span><span class='default'>=</span><span class='AttrValue'>"tiaokuan"</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"sitea"</span><span class='default'>></span><span class='Text'>网站使用条款</span><span class='default'>&lt;</span><span class='ElementName'>/a</span><span class='default'>></span></div>
<div class='line'><span class='default'>     &lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>     &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>id</span><span class='default'>=</span><span class='AttrValue'>"divDisable1"</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"position: fixed;height: 100%;width: 100%;background: #000;background: rgba(0,0,0,.8);z-index: 100;display: none;top: 0;left: 0;"</span><span class='default'>> </span></div>
<div class='line'><span class='default'>        &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"top: 10%;left: 45%;margin-left: -300px;width: 720px;height:500px; background: #eee url(images/modal-gloss.png) no-repeat -200px -80px;position: absolute;z-index: 101;padding: 10px;-moz-border-radius: 5px;-webkit-border-radius: 5px;border-radius: 5px;"</span><span class='default'>></span></div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"font-size: 26px;line-height:45px; border-bottom:1px dashed  #333;"</span><span class='default'>></span><span class='Text'>隐私政策</span><span class='default'>&lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>class</span><span class='default'>=</span><span class='AttrValue'>"tbdiv"</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"width:100%;height:450px; overflow-y:scroll; margin-top:10px;"</span><span class='default'>></span></div>
<div class='line'><span class='default'>             &lt;</span><span class='ElementName'>p</span><span class='default'>></span><span class='Text'>[</span><span class='default'>&lt;</span><span class='ElementName'>b</span><span class='default'>></span><span class='Text'>云南大山饮品有限公司</span><span class='default'>&lt;</span><span class='ElementName'>/b</span><span class='default'>></span><span class='Text'>] (“</span><span class='default'>&lt;</span><span class='ElementName'>b</span><span class='default'>></span><span class='Text'>大山</span><span class='default'>&lt;</span><span class='ElementName'>/b</span><span class='default'>></span><span class='Text'>”)致力于保护您的隐私，并确保您在个人资料方面始终信任大山。当您与我们互动时，您可能会与我们分享能识别您作为一个个体的个人信息（如姓名、 电子邮箱、 地址、 电话号码等）。这就是所称的“个人资料”。</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'>></span><span class='Text'>本政策 (“</span><span class='default'>&lt;</span><span class='ElementName'>b</span><span class='default'>></span><span class='Text'>隐私政策</span><span class='default'>&lt;</span><span class='ElementName'>/b</span><span class='default'>></span><span class='Text'>”) 设定以下内容:</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'>></span><span class='Text'>1.适用范围和接受</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'>></span><span class='Text'>2.大山收集的个人资料</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'>></span><span class='Text'>3.儿童的个人资料</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'>></span><span class='Text'>4.大山为何收集个人资料并如何使用这些资料</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'>></span><span class='Text'>5.大山对个人资料的共享</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'>></span><span class='Text'>6.您的权利</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'>></span><span class='Text'>7.Cookie和其他追踪技术</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'>></span><span class='Text'>8.资料安全和资料留存；</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'>></span><span class='Text'>9.如何联系我们</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"font-weight:bold;"</span><span class='default'>></span><span class='Text'>1、本隐私政策的适用范围和接受本政策</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'>  </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:20px;"</span><span class='default'>></span><span class='Text'>本隐私政策适用于为了向您提供我们的产品和服务而收集的您的个人资料。</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'>  </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:20px;"</span><span class='default'>></span><span class='Text'>通过使用大山站点 （如下所定义）或通过向我们提供您的个人资料，您接受本隐私政策中所述的做法。如果您不同意本隐私政策，请不要使用大山站点 （如下所定义），也不要向我们提供任何个人资料。</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'>  </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:20px;"</span><span class='default'>></span><span class='Text'>大山公司有权随时更改本隐私政策。我们鼓励您定期查看本隐私政策，以确保您知晓任何变动，并了解您的信息可能被如</span></div>
<div class='line'><span class='Text'>何使用。</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"font-weight:bold;"</span><span class='default'>></span><span class='Text'>2、大山收集的个人资料</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:20px;"</span><span class='default'>></span><span class='Text'>大山可能通过各种来源收集关于您的个人资料，包括通过：</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:20px;"</span><span class='default'>></span><span class='Text'>参与我们的线上和电子互动，互动媒介包括大山的网站、 移动应用程序、 短信程序或大山品牌网页或第三方社交网络上的应用程序（“</span><span class='default'>&lt;</span><span class='ElementName'>b</span><span class='default'>></span><span class='Text'>大山站点</span><span class='default'>&lt;</span><span class='ElementName'>/b</span><span class='default'>></span><span class='Text'>”）；</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:20px;"</span><span class='default'>></span><span class='Text'>参与我们的线下互动，互动方式包括通过直接市场营销活动、纸质登记卡、 参加竞赛和通过大山消费者服务电话中心与我们联系等；</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:20px;"</span><span class='default'>></span><span class='Text'>与有针对性的在线内容的互动 （如广告），即大山或服务提供商以我们的名义，通过第三方网站或应用程序为您提供的互动。</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"font-weight:bold;"</span><span class='default'>></span><span class='Text'>2.1 您直接向我们提供的资料</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'>  </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:20px;"</span><span class='default'>></span><span class='Text'>这是您出于特定目的同意提供给我们的资料，包括：</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:20px;line-height:30px;"</span><span class='default'>></span></div>
<div class='line'><span class='default'>   &lt;</span><span class='ElementName'>li</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"list-style-type:square;list-style-position:outside;"</span><span class='default'>></span><span class='Text'>个人联系信息，包括允许大山与您本人联系的</span></div>
<div class='line'><span class='Text'>任何信息（例如名称、家庭住址或邮件/邮箱地址，以及电话号码等）；</span><span class='default'>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>   &lt;</span><span class='ElementName'>li</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"list-style-type:square;list-style-position:outside;"</span><span class='default'>></span><span class='Text'>人口统计信息，包括出生日期、年龄、性别、</span></div>
<div class='line'><span class='Text'>位置（如邮政编码、市、省以及地理位置）、最中意的产品、爱好、兴趣和家庭或生活方式信息；</span><span class='default'>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>   &lt;</span><span class='ElementName'>li</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"list-style-type:square;list-style-position:outside;"</span><span class='default'>></span><span class='Text'>包括为购物目的提供的付款信息（例如信用卡</span></div>
<div class='line'><span class='Text'>号码、到期日期、帐单邮寄地址）；</span><span class='default'>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>   &lt;</span><span class='ElementName'>li</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"list-style-type:square;list-style-position:outside;"</span><span class='default'>></span><span class='Text'>帐户登录信息，包括您建立一个大山用户帐户</span></div>
<div class='line'><span class='Text'>所需的任何信息（例如登录身份/邮箱地址、用户名、密码和安全性问题/回答） ；</span><span class='default'>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>   &lt;</span><span class='ElementName'>li</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"list-style-type:square;list-style-position:outside;"</span><span class='default'>></span><span class='Text'>消费者反馈，包括与大山共享您使用大山的产</span></div>
<div class='line'><span class='Text'>品和服务的体验之类的信息（例如您的评论和建议，产品评价和其他与大山产品相关的反馈）；</span><span class='default'>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>   &lt;</span><span class='ElementName'>li</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"list-style-type:square;list-style-position:outside;"</span><span class='default'>></span><span class='Text'>消费者生成的内容，包括由您创建、然后上传</span></div>
<div class='line'><span class='Text'>到大山站点并与大山 （或许是其他人）分享的任何内容 （如照片、 视频和个人故事）。</span><span class='default'>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"font-weight:bold;"</span><span class='default'>></span><span class='Text'>2.2 您与大山站点进行互动时我们所收集的资料</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:20px;"</span><span class='default'>></span><span class='Text'>当您与大山站点互动时，我们使用cookie和其它跟踪技术，收集某些种类的信息。请查看第7条以了解更多。</span><span class='default'>&lt;</span><span class='Text'><br /></span></div>
<div class='line'><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"font-weight:bold;"</span><span class='default'>></span><span class='Text'>2.3 从其他来源收集的资料</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>p</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:20px;"</span><span class='default'>></span><span class='Text'>我们可能会从其他合法来源收集关于您的信息，以便为您提供我们的产品和服务。这些来源包括第三方资料整合方、 大山促销伙伴、 公共来源和第三方社交网站。此类信息可能包括：</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:20px;line-height:30px;"</span><span class='default'>></span></div>
<div class='line'><span class='default'>   &lt;</span><span class='ElementName'>li</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"list-style-type:square;list-style-position:outside;"</span><span class='default'>></span><span class='Text'>个人联系信息； </span><span class='default'>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'>   &lt;</span><span class='ElementName'>li</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"list-style-type:square;list-style-position:outside;"</span><span class='default'>></span><span class='Text'>您存放在第三方社交网络中的、并允许第三方</span></div>
<div class='line'><span class='Text'>社交网络与我们分享的任何个人资料 （如姓名、 电子邮箱地址、 性别、 生日、 城市、 个人资料图片、用户 ID、好友列表）。您可以通过访问相关第三方社交网络了解更多有关我们可能获得的关于您的资料。</span><span class='default'>&lt;</span><span class='ElementName'>/li</span><span class='default'>></span></div>
<div class='line'><span class='default'> &lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'> &lt;</span><span class='ElementName'>p</span><span class='default'>  </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:20px;"</span><span class='default'>></span><span class='Text'>当我们收购其它公司时，我们也可能会接收到某些个人资料。</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'> &lt;</span><span class='ElementName'>p</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"font-weight:bold;"</span><span class='default'>></span><span class='Text'>3、儿童的个人资料</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'> &lt;</span><span class='ElementName'>p</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:20px;"</span><span class='default'>></span><span class='Text'>大山不会主动向 16岁以下的儿童寻求或收集个人资料。如果大山发现它无意中从一个16岁以下的儿童处收集了个人资料，则将在合理时间内尽快地删除其记录的该名儿童的个人资料。然而，大山</span></div>
<div class='line'><span class='Text'>可能会根据家长或监护人的明确同意，直接从家长或监护人处收集年龄16岁以下儿童的个人资料。</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'> &lt;</span><span class='ElementName'>p</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"font-weight:bold;"</span><span class='default'>></span><span class='Text'>4、大山为何收集个人资料并如何使用这些资料</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span></div>
<div class='line'><span class='default'> &lt;</span><span class='ElementName'>p</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:20px;"</span><span class='default'>></span><span class='Text'>大山仅在必要时收集和使用个人资料。大山可能为下述部分或全部目的使用您的个人资料：</span><span class='default'>&lt;</span><span class='ElementName'>/p</span><span class='default'>></span><span class='ElementName'><br /></span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"padding-left:20px;line-height:30px;"</span><span class='default'>></span></div>
<div class='line'><span class='default'>   &lt;</span><span class='ElementName'>li</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"list-style-type:square;list-style-position:outside;"</span><span class='default'>>订单 ——处理和交付您的订单，知会您订单状态。请注...[TRUNCATED]...</span></div>

        </div>
        <div class="page-break"></div>
    <h3>
        <span>6.2.5</span>
        <span>
                <a href="#InsecureTransportWeakSSLProtocol">Insecure Transport: Weak SSL Protocol</a>
        </span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="9caf673627fd4444863e47320bf523dc"></a>
            ID 43433790 - https://www.dashanqy.com/
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET / HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.dashanqy.com</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Upgrade-Insecure-Requests:</span><span class='HeaderValue'> 1</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;</span></div>
<div class='line'><span class='HeaderValue'>q=0.8</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>Accept-Language:</span><span class='HeaderValue'> en-US,en;q=0.9</span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> ASP.NET_SessionId=uwflf5f2apq1utt5inzr0i5y; TS016d37e8=01851f6ed5f9fd1b5033354579197bdcf842f2923c196e927f96506f41f192ef2a478</span></div>
<div class='line'><span class='HeaderValue'>78299fcf59ab4b60b5684412d5310a20b129b</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 200 OK</span></div>
<div class='line'><span class='HeaderName'>Cache-Control:</span><span class='HeaderValue'> private</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> text/html; charset=utf-8</span></div>
<div class='line'><span class='HeaderName'>Vary:</span><span class='HeaderValue'> Accept-Encoding</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>X-Frame-Options:</span><span class='HeaderValue'> SAMEORIGIN</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Mon, 09 Apr 2018 00:58:33 GMT</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 44923</span></div>
<div class='line'><span class='HeaderName'>Set-Cookie:</span><span class='HeaderValue'> TS016d37e8=01851f6ed5962d9da0fca906b73154f7115c8d0842927a45143768527b2a0f0aefc54</span></div>
<div class='line'><span class='HeaderValue'>ddbc2588a4c9cb1e0ae06bf7d7b3fb8a283f7; Path=/</span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>[Binary data]</span></div>

        </div>
        <div class="page-break"></div>
        <div class="block-header bg-primary">
                <a name="99723eb1327841828c027958716635ba"></a>
            ID 43433791 - https://www.dashanqy.com/
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET / HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.dashanqy.com</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Upgrade-Insecure-Requests:</span><span class='HeaderValue'> 1</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;</span></div>
<div class='line'><span class='HeaderValue'>q=0.8</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>Accept-Language:</span><span class='HeaderValue'> en-US,en;q=0.9</span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> ASP.NET_SessionId=uwflf5f2apq1utt5inzr0i5y; TS016d37e8=01851f6ed5f9fd1b5033354579197bdcf842f2923c196e927f96506f41f192ef2a478</span></div>
<div class='line'><span class='HeaderValue'>78299fcf59ab4b60b5684412d5310a20b129b</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 200 OK</span></div>
<div class='line'><span class='HeaderName'>Cache-Control:</span><span class='HeaderValue'> private</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> text/html; charset=utf-8</span></div>
<div class='line'><span class='HeaderName'>Vary:</span><span class='HeaderValue'> Accept-Encoding</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>X-Frame-Options:</span><span class='HeaderValue'> SAMEORIGIN</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Mon, 09 Apr 2018 00:58:33 GMT</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 44923</span></div>
<div class='line'><span class='HeaderName'>Set-Cookie:</span><span class='HeaderValue'> TS016d37e8=01851f6ed5962d9da0fca906b73154f7115c8d0842927a45143768527b2a0f0aefc54</span></div>
<div class='line'><span class='HeaderValue'>ddbc2588a4c9cb1e0ae06bf7d7b3fb8a283f7; Path=/</span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>[Binary data]</span></div>

        </div>
        <div class="page-break"></div>
    <h3>
        <span>6.2.6</span>
        <span>
                <a href="#OftenMisusedFileUpload">Often Misused: File Upload</a>
        </span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="cf321a717cda44d6b07e7ba9bece4e2c"></a>
            ID 34530894 - https://www.dashanqy.com:443/jobjoin.aspx
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /jobjoin.aspx HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Referer:</span><span class='HeaderValue'> https://www.dashanqy.com/jobshow.aspx</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> */*</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>Pragma:</span><span class='HeaderValue'> no-cache</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.dashanqy.com</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> Keep-Alive</span></div>
<div class='line'><span class='HeaderName'>X-Scan-Memo:</span><span class='HeaderValue'> Category="Crawl"; SID="3C6D6D37D901C1ED45483A3F24653D36"; PSID="8869DBA9A54ABA21457CA67DB6C8BCEF"; SessionType="Crawl"; CrawlType="HTML"; AttackType="None"; OriginatingEngineID="00000000-0000-0000-0000-000000000000"; AttributeName="href"; Format="NonRooted"; LinkKind="HyperLink"; Locations="HtmlNode"; Source="ScriptExecution"; ThreadId="236"; ThreadType="CrawlBreadthFirstDBReader"; </span></div>
<div class='line'><span class='HeaderName'>X-RequestManager-Memo:</span><span class='HeaderValue'> sid="369"; smi="0"; sc="1"; ID="eb0077a0-ecfb-44fa-90f5-cbe98597ceb1"; </span></div>
<div class='line'><span class='HeaderName'>X-Request-Memo:</span><span class='HeaderValue'> ID="448571b7-1e30-41e1-a4f7-8483b321ba03"; sc="1"; ThreadId="179"; </span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> CustomCookie=WebInspect122856ZX38A625F6A3164D32AE7BC3B51B1FE5DBY7708;ASP.</span></div>
<div class='line'><span class='HeaderValue'>NET_SessionId=g5xr2xss1bhuu4xfomw4qin0;TS016d37e8=01851f6ed597b64128c12d0d507455</span></div>
<div class='line'><span class='HeaderValue'>3cd330410b91668015c50f5fb3b55e39bd2dc5c8a577ec6ec0d07eee63d245473efc91ce71ca</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 200 OK</span></div>
<div class='line'><span class='HeaderName'>Cache-Control:</span><span class='HeaderValue'> private</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> text/html; charset=utf-8</span></div>
<div class='line'><span class='HeaderName'>Vary:</span><span class='HeaderValue'> Accept-Encoding</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>X-Frame-Options:</span><span class='HeaderValue'> SAMEORIGIN</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Thu, 05 Apr 2018 17:51:11 GMT</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 51995</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>&lt;!DOCTYPE html></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>html</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>head</span><span class='default'>></span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>meta</span><span class='default'> http-</span><span class='AttrName'>equiv</span><span class='default'>=</span><span class='AttrValue'>"Content-Type"</span><span class='default'> </span><span class='AttrName'>content</span><span class='default'>=</span><span class='AttrValue'>"text/html; charset=utf-8"</span><span class='default'> /></span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>title</span><span class='default'>></span><span class='Text'>大山云南山泉官网</span><span class='default'>&lt;</span><span class='ElementName'>/title</span><span class='default'>></span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>link</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"/css/public.css"</span><span class='default'> </span><span class='AttrName'>rel</span><span class='default'>=</span><span class='AttrValue'>"stylesheet"</span><span class='default'> </span><span class='AttrName'>type</span><span class='default'>=</span><span class='AttrValue'>"text/css"</span><span class='default'> />   </span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>link</span><span class='default'> </span><span class='AttrName'>href</span><span class='default'>=</span><span class='AttrValue'>"/css/company.css"</span><span class='default'> </span><span class='AttrName'>rel</span><span class='default'>=</span><span class='AttrValue'>"stylesheet"</span><span class='default'> </span><span class='AttrName'>type</span><span class='default'>=</span><span class='AttrValue'>"text/css"</span><span class='default'> /></span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>script</span><span class='default'> </span><span class='AttrName'>src</span><span class='default'>=</span><span class='AttrValue'>"/js/jquery.min.js"</span><span class='default'> </span><span class='AttrName'>type</span><span class='default'>=</span><span class='AttrValue'>"text/javascript"</span><span class='default'>>&lt;</span><span class='ElementName'>/script</span><span class='default'>></span></div>
<div class='line'><span class='default'>    &lt;script type="text/javascript" src="/js/jquery.SuperSlide.2.1.1.js">&lt;/script> </span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>script</span><span class='default'> </span><span class='AttrName'>src</span><span class='default'>=</span><span class='AttrValue'>"/js/ajaxfileupload.js"</span><span class='default'> </span><span class='AttrName'>type</span><span class='default'>=</span><span class='AttrValue'>"text/javascript"</span><span class='default'>>&lt;</span><span class='ElementName'>/script</span><span class='default'>></span></div>
<div class='line'><span class='default'>    &lt;meta http-equiv="X-Frame-Options" content="deny"></span></div>
<div class='line'><span class='default'>    &lt;meta http-equiv="windows-Target" contect="_top"></span></div>
<div class='line'><span class='default'>&lt;/head></span></div>
<div class='line'><span class='default'>&lt;body></span></div>
<div class='line'><span class='default'>    &lt;div class="top"></span></div>
<div class='line'><span class='default'>         &lt;div class="logo">&lt;a href="index.aspx">&lt;img src="/images/logo.jpg" alt="" />&lt;/a>&lt;/div>     </span></div>
<div class='line'><span class='default'>         &lt;div class="menudiv"></span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='StartAtLine'> ... Starting at line 162 ... </span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='default'>                                  &lt;</span><span class='ElementName'>span</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"color: #ff0018;"</span><span class='default'>></span><span class='Text'>*</span><span class='default'>&lt;</span><span class='ElementName'>/span</span><span class='default'>>个人简历：</span></div>
<div class='line'><span class='default'>                                   &lt;</span><span class='ElementName'>div</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"position: relative;line-height: 10px;top: -10px;font-size: 10px; color:Red;"</span><span class='default'>></span><span class='Text'>(限word,不超过2MB)</span><span class='default'>&lt;</span><span class='ElementName'>/div</span><span class='default'>></span></div>
<div class='line'><span class='default'>                              &lt;</span><span class='ElementName'>/td</span><span class='default'>></span></div>
<div class='line'><span class='default'>                              &lt;</span><span class='ElementName'>td</span><span class='default'>></span></div>
<div class='line'><span class='default'>                                  </span><span class='AttackSelection'>&lt;input type="file"</span><span class='default'> </span><span class='AttrName'>id</span><span class='default'>=</span><span class='AttrValue'>"txtfile"</span><span class='default'> </span><span class='AttrName'>name</span><span class='default'>=</span><span class='AttrValue'>"file"</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"width: 200px; height: 30px;"</span><span class='default'> /></span></div>
<div class='line'><span class='default'>                              &lt;</span><span class='ElementName'>/td</span><span class='default'>></span></div>
<div class='line'><span class='default'>                          &lt;</span><span class='ElementName'>/tr</span><span class='default'>></span></div>
<div class='line'><span class='default'>                          &lt;</span><span class='ElementName'>tr</span><span class='default'>></span></div>
<div class='line'><span class='default'>                              &lt;</span><span class='ElementName'>td</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"height: 50px; line-height: 50px;"</span><span class='default'>></span></div>
<div class='line'><span class='default'>                                  &lt;</span><span class='ElementName'>span</span><span class='default'> </span><span class='AttrName'>style</span><span class='default'>=</span><span class='AttrValue'>"color: #ff0018;"</span><span class='default'>></span><span class='Text'>*</span><span class='default'>&lt;</span><span class='ElementName'>/span</span><span class='default'>>验 证 码：</span></div>

        </div>
        <div class="page-break"></div>
    <h3>
        <span>6.2.7</span>
        <span>
                <a href="#SystemInformationLeakExternal">System Information Leak: External</a>
        </span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="b32c00c61bfc43178e97cc7c7b0887d5"></a>
            ID 34531726 - https://www.dashanqy.com/%3c
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /%3c HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.dashanqy.com</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Upgrade-Insecure-Requests:</span><span class='HeaderValue'> 1</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;</span></div>
<div class='line'><span class='HeaderValue'>q=0.8</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>Accept-Language:</span><span class='HeaderValue'> en-US,en;q=0.9</span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> ASP.NET_SessionId=uwflf5f2apq1utt5inzr0i5y; vc=sJDSy5ukXh0%3d; TS016d37e8=01851f6ed545336db65f5ca87bcc05abb7fe3c7912a47dacfc09b58dd9120bb116b13</span></div>
<div class='line'><span class='HeaderValue'>d5dbb6cba3e3c7fbe348e10de7956d35a371157624d9bd6310e4a9e7d02ba1563d4097f5df82f5ae</span></div>
<div class='line'><span class='HeaderValue'>ae8ece4cd4f82c4ce53a6</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 400 Bad Request</span></div>
<div class='line'><span class='HeaderName'>Cache-Control:</span><span class='HeaderValue'> private</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> text/html; charset=utf-8</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>X-Frame-Options:</span><span class='HeaderValue'> SAMEORIGIN</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Mon, 09 Apr 2018 01:15:30 GMT</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 3809</span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>&lt;!DOCTYPE html></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>html</span><span class='default'>></span></div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>head</span><span class='default'>></span></div>
<div class='line'><span class='default'>        &lt;</span><span class='ElementName'>title</span><span class='default'>></span><span class='Text'>A potentially dangerous Request.Path value was detected from the client (&lt;).</span><span class='default'>&lt;</span><span class='ElementName'>/title</span><span class='default'>></span></div>
<div class='line'><span class='default'>        &lt;</span><span class='ElementName'>meta</span><span class='default'> </span><span class='AttrName'>name</span><span class='default'>=</span><span class='AttrValue'>"viewport"</span><span class='default'> </span><span class='AttrName'>content</span><span class='default'>=</span><span class='AttrValue'>"width=device-width"</span><span class='default'> /></span></div>
<div class='line'><span class='default'>        &lt;</span><span class='ElementName'>style</span><span class='default'>></span></div>
<div class='line'><span class='default'>         body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;} </span></div>
<div class='line'><span class='default'>         p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}</span></div>
<div class='line'><span class='default'>         b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}</span></div>
<div class='line'><span class='default'>         H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }</span></div>
<div class='line'><span class='default'>         H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }</span></div>
<div class='line'><span class='default'>         pre {font-family:"Consolas","Lucida Console",Monospace;font-size:11pt;margin:0;padding:0.5em;line-height:14pt}</span></div>
<div class='line'><span class='default'>         .marker {font-weight: bold; color: black;text-decoration: none;}</span></div>
<div class='line'><span class='default'>         .version {color: gray;}</span></div>
<div class='line'><span class='default'>         .error {margin-bottom: 10px;}</span></div>
<div class='line'><span class='default'>         .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }</span></div>
<div class='line'><span class='default'>         @media screen and (max-width: 639px) {</span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='StartAtLine'> ... Starting at line 80 ... </span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>br</span><span class='default'>></span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>hr</span><span class='default'> </span><span class='AttrName'>width</span><span class='default'>=</span><span class='AttrValue'>100%</span><span class='default'> </span><span class='AttrName'>size</span><span class='default'>=</span><span class='AttrValue'>1</span><span class='default'> </span><span class='AttrName'>color</span><span class='default'>=</span><span class='AttrValue'>silver</span><span class='default'>></span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>           </span><span class='AttackSelection'> &lt;b>Version Information:&lt;/b>&nbsp;Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.36393</span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>            &lt;</span><span class='ElementName'>/font</span><span class='default'>></span></div>
<div class='line'>&nbsp; </div>
<div class='line'><span class='default'>    &lt;</span><span class='ElementName'>/body</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>/html</span><span class='default'>></span></div>

        </div>
        <div class="page-break"></div>
<h2>Appendix - Descriptions of Key Terminology</h2>
<span id="appendix-a" data-bookmark-enabled="true" data-bookmark-level="1" data-bookmark-text="7. Appendix"></span>

<h3>Security Rating</h3>
<p>The Fortify on Demand 5-star assessment rating provides information on the likelihood and impact of defects present within an application. A perfect rating within this system would be 5 complete stars, indicating that no high impact vulnerabilities were uncovered.</p>

<table class="table table-striped appendix-security-rating">
    <thead>
        <tr>
            <th>Rating</th>
            <th>Criteria</th>
        </tr>
    </thead>
    <tbody>
        <tr>
            <td>
                1 of 5 stars
            </td>
            <td>Fortify on Demand awards one star to projects that undergo a Fortify on Demand security review, which analyzes a project for a variety of software security vulnerabilities.</td>
        </tr>
        <tr>
            <td>
                2 of 5 stars
            </td>
            <td>Fortify on Demand awards two stars to projects that undergo a Fortify on Demand security review that identifies no high likelihood / high impact issues. Vulnerabilities that are trivial to exploit and have a high business or technical impact should never exist in business-critical software.</td>
        </tr>
        <tr>
            <td>
                3 of 5 stars
            </td>
            <td>Fortify on Demand awards three stars to projects that undergo a Fortify on Demand security review that identifies no low likelihood / high impact issues and meets the requirements needed to receive two stars. Vulnerabilities that have a high impact, even if they are non-trivial to exploit, should never exist in business-critical software.</td>
        </tr>
        <tr>
            <td>
                4 of 5 stars
            </td>
            <td>Fortify on Demand awards four stars to projects that undergo a Fortify on Demand security review that identifies no high likelihood / low impact issues and meets the requirements for three stars. Vulnerabilities that have a low impact, but are easy to exploit, should be considered carefully as they may pose a greater threat if an attacker exploits many of them as part of a concerted effort or leverages a low impact vulnerability as a stepping stone to mount a high-impact attack.</td>
        </tr>
        <tr>
            <td>
                5 of 5 stars
            </td>
            <td>Fortify on Demand awards five stars to projects that undergo a Fortify on Demand security review that identifies no issues.</td>
        </tr>
    </tbody>
</table>

<h3>Likelihood and Impact</h3>

<h4>Likelihood</h4>
<p>Likelihood is the probability that a vulnerability will be accurately identified and successfully exploited.</p>

<h4>Impact</h4>
<p>Impact is the potential damage an attacker could do to assets by successfully exploiting a vulnerability. This damage can take the form of, but is not limited to, financial loss, compliance violation, loss of brand reputation, and negative publicity.</p>

<h3>Fortify on Demand Priority Order</h3>

<h4 class="text-severity-critical">Critical</h4>
<p>Critical-priority issues have high impact and high likelihood. Critical-priority issues are easy to detect and exploit and result in large asset damage.
These issues represent the highest security risk to the application. As such, they should be remediated immediately.</p>
<p>SQL Injection is an example of a critical issue.</p>

<h4 class="text-severity-high">High</h4>
<p>High-priority issues have high impact and low likelihood. High-priority issues are often difficult to detect and exploit, but can result in large asset damage.
These issues represent a high security risk to the application. High-priority issues should be remediated in the next scheduled patch release.</p>
<p>Password Management: Hardcoded Password is an example of a high issue.</p>

<h4 class="text-severity-medium">Medium</h4>
<p>Medium-priority issues have low impact and high likelihood. Medium-priority issues are easy to detect and exploit, but typically result in small asset damage.
These issues represent a moderate security risk to the application. Medium-priority issues should be remediated in the next scheduled product update.</p>
<p>Path Manipulation is an example of a medium issue.</p>

<h4 class="text-severity-low">Low</h4>
<p>Low-priority issues have low impact and low likelihood. Low-priority issues can be difficult to detect and exploit and typically result in small asset damage.
These issues represent a minor security risk to the application. Low-priority issues should be remediated as time allows.</p>
<p>Dead Code is an example of a low issue.</p>


<h3>Issue Status</h3>

<h4>New</h4>
<p>New issues are ones that have been identified for the first time in the most recent analysis of the application.</p>

<h4>Existing</h4>
<p>Existing issues are issues that have been found in a previous analysis of the application and are still present in the latest analysis.</p>

<h4>Reopened</h4>
<p>Reopened issues have been discovered in a previous analysis of the application but were not present in subsequent analyses. These issues are now present again in the most recent analysis of the application.</p>


<h3>Fortify on Demand Remediation Effort Estimate</h3>

<h4>Major Remediation</h4>
<p>Major remediation effort issues must often be addressed at multiple locations to fix the root problem.</p>

<h4>Minor Remediation</h4>
<p>Minor remediation effort issues can typically be addressed at the location of the root problem.</p>


<div class="page-break"></div>
    <p class='small text-muted'>
This report contains Micro Focus CONFIDENTIAL information, including but not limited to Micro Focus&#39;s analysis, techniques for analysis and recommendations.  This report may not be made public, used for competitive or consulting purposes or used outside of the recipient.
    </p>
  </body>
</html>
